The Product Security Engineer is responsible for conducting comprehensive security assessments on various products, including mobile applications, IoT hardware/firmware, compiled software, and browser extensions. This role involves identifying vulnerabilities, developing mitigation strategies, and collaborating with cross-functional teams to enhance security. The engineer will use both offensive and defensive security tactics to safeguard products and manage third-party risk. This role contributes to the organization's mission by safeguarding the supply chain and managing third-party risk.
Primary Accountabilities:
Technical (70%)
Conduct comprehensive security assessments of mobile applications, IoT hardware/firmware, compiled software, and browser extensions.
Perform reverse engineering, vulnerability analysis, and penetration testing to uncover security risks.
Analyze binary file formats (PE, ELF, Mach-O) and runtime behaviors for security flaws.
Review browser extensions and software plugins for security flaws and compliance with best practices.
Perform product data analysis to identify potential vulnerabilities and determine access scope.
Operational (30%)
Collaborate with cross-functional teams (e.g., engineering, product, and security) to enhance security measures and improve resilience against cyber threats.
Develop and recommend mitigation strategies and risk profiles for identified vulnerabilities.
Document findings and communicate security recommendations to both technical and non-technical audiences.
Maintain organizational product inventory with security assessment status and secure configuration requirements.
Required Qualifications:
Bachelor of Science in a related field, such as Computer Science, Electrical Engineering, or Cyber Security
5-7 years of relevant experience in software exploitation, reverse engineering, malware analysis, or related field; or any equivalent combination of experience and training that provides the required knowledge, skills, and abilities needed to complete the primary job responsibilities
Proficient in using debuggers, decompilers, and disassemblers to analyze code for vulnerabilities across various CPU architectures, including ARM and RISC-V.
Strong understanding of binary file formats like PE, ELF, and Mach-O, enabling analysis of applications for security flaws
Skilled in low-level data extraction and analysis using tools like QEMU and Verilog to identify and verify vulnerabilities through emulation
Knowledgeable about Linux loaders, binary packing, and embedded systems tools such as BusyBox, binwalk, and u-boot
Experienced in capturing and analyzing network traffic, including using tools like tcpdump and Scapy to dissect proprietary protocols
Experienced in BOM enumeration and leveraging tools like CycloneDX for inventory and risk assessment.
Strong analytical and problem-solving skills, with a keen eye for identifying and mitigating security risks.
Excellent communication skills for documenting findings, providing security recommendations, and effectively disclosing vulnerabilities to technical and non-technical audiences.
Preferred Qualifications:
Prior experience working in cybersecurity research or security assessment functions.
Experience with application security testing and associated static and dynamic analysis tools.
Knowledge of cryptographic principles and secure coding practices.
Familiarity with security assessment frameworks and compliance standards.
Prior experience with radio signals analysis and associated security hardening methodologies.
Individual Competencies:
Adaptable: Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.
Innovative: Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.
Analytical and Critical Thinking: Ability to tackle a problem by using a logical, systematic, sequential approach.
Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.
Communication: Giving and receiving messages and information in written, oral, and visual formats concisely for a complete understanding of meaning and intent.
Effective Execution: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.
The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.
While performing the duties of this job, the associate is:
Regularly required to use hands to finger, handle or feel objects, tools or controls, and reach with hands or arms.
Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.
Occasionally required to stand, kneel or stoop, and lift and/or move up to 25 pounds.
Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.
Regularly required to remain in a stationary position.
As an Inmar Associate, you:
Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.
Treat clients and teammates with courtesy, consideration and tact; you also can perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.
Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually beneficial partnerships, leverage information and achieve results.
Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.
Understand that results are important and focus on turning mission into action to achieve results following the principles of agile, dynamic execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.
Support a safe work environment by following safety rules and regulations and reporting all safety hazards.
We are an Equal Opportunity Employer, including disability/vets.