Senior Security Engineer (Build)
Sibros accelerates product development by providing industry scale infrastructure including secure automotive and energy cloud solutions, embedded software components and vehicle controllers. Our world-class team hails from companies like Tesla, Google, Faraday Future and Lockheed Martin. You will get a chance to work with a team of deeply knowledgeable engineers working on creating version 2.0 of the automotive industry!
About the Role
- Assist in defining security roadmap for all our products (OTA, logging, remote diagnostics) and deliver security product spec that includes requirements, design specifications and test plans for the software, and build integration teams.
- Support the Threat Analysis and Risk Assessment (TARA) for the Software / Cloud team
- Deploy controls within CI/CD pipelines for SAST, DAST and Third-Party library analysis
- Image assurance and other cloud security integrity controls
- Firmware signing and validation
- Perform, review and prioritize remediation of vulnerabilities in the Cloud environment including Infrastructure, third party libraries
- Analyze cybersecurity attack entry points and evaluate risk versus impact, and then work with the software team to implement cybersecurity requirements as well as evaluate test and software analysis reports.
- Perform competitive analysis and maintain knowledge of emerging security technologies in both the automotive and consumer electronics field.
- BS / MS in Computer Science or similar degree with 5+ years of relevant experience, technical cybersecurity expertise, and knowledge.
- Experience designing secure boot, firmware signatures, and validation.
- Experience planning and developing security policies, procedures, and standards within an IOT environment with constrained resources
- Broad comparative understanding of operating systems, networking technologies, and specific implementations - especially from a computer security perspective.
- Working knowledge of embedded systems and associated languages and build frameworks including POSIX
- Firmware signing and validation, signature methods and digital authentication and non-repudiation
- Secure boot within a firmware environment, integration with TPM and Hardware security
- In-memory credential handling and encrypted firmware and file systems
- Familiarity with standards like ISO 27001, SSAE 16 / 18 SOC 2, ISO 21434 and Uptane framework
- Understanding of knowledge of CIS Benchmarks for Cloud providers, container technologies and key services
- Ability to work in a fast-paced and agile development environment.
- Experience with embedded computing and security including Uptane framework or similar
- Familiarity with secure coding practices, processes, and methods
- Experience with hardware penetration testing and penetration tools.
- Strong customer focus and obsession with quality.
- Add positive energy in every meeting or interaction with your coworkers.
- Strong communication and analytical skills
Equal Employment Opportunity
Sibros is committed to a policy of equal employment opportunity. We recruit, employ, train, compensate, and promote without regard to race, color, age, sex, ancestry, marital status, religion, national origin, disability, sexual orientation, veteran status, present or past history of mental disability, genetic information or any other classification protected by state or federal law.