Security Engineer designing and implementing security measures to protect Snap Inc.'s infrastructure. Collaborating across teams while focusing on threat detection and response strategies.
About the role
- Senior Offensive Security Engineer at Openchip, focusing on software security assessments and vulnerability testing. Working collaboratively to improve security across various technology stacks.
Responsibilities
- Identify Vulnerabilities: Discover security flaws before they can be exploited, using offensive security techniques across the full software and firmware stack.
- Threat Modeling: Development of comprehensive threat models covering all targeted usages and deployments of Open chip SW Stack.
- Security Documentation: create and maintain high-quality security guidance documentation, including best practices, design recommendations, and threat mitigation strategies.
- Security Standards Compliance: Drive the alignment of OpenChip products with industry-recognized security standards (e.g., FIPS 140-3, NIST SP 800-193, ISO/IEC 27001).
- Advanced Security Research, Conduct deep technical investigations in areas such as:
- - Microarchitectural security (e.g., side-channel attacks)
- - Cryptographic weaknesses
- - Fuzzing and reverse engineering
- - Code and architecture-level security reviews
- - Logic and memory vulnerabilities (e.g., kernel/firmware privilege escalation)
- Interact with colleagues across projects to unblock issues, or to reach consensus on technical topics.
- Collaborate with colleagues through code reviews, bug triaging, design documents,...
- Contribute to shared team responsibilities (CI failure triaging, documentation, code fixits, rotations...).
- Work with validation teams on required test cases, coverage, and methodologies to ensure robust security verification.
- Work with support Quality team by delivering security guidelines and best practices for implementing a secure development lifecycle (SDL).
- Work with hardware teams, providing requirements for security and influencing hardware/software co-design.
Requirements
- Bachelor or Master's degree in a relevant field
- Experience in the relevant field (5-10yr)
- Experience with standard tools for source control (git), continuous integration, task management (Jira)
- Solid knowledge about computer architecture (CPU, cache and memory hierarchy, buses,...)
- Knowledge about at least two of the following areas:
- - Microarchitectural security(side channel attacks, fault injection)
- - Platform security features (kernel/firmware hardening, CHERI, CFI, pointer tagging, virtualization-based security, IOMMU)
- - Cryptograpy usage across networks (certificates, signatures, TLS/SSL, PK, remote attestation)
- - Boot integrity technologies (UEFI Secure Boot, measured boot, TPM)
- - Cryptography, including experience with cryptography libraries (OpenSSL, libssl, wolfssl, mbedtls, libsodium)
Benefits
- A collaborative, innovation-driven environment with significant autonomy and ownership
- Hybrid work model with flexible scheduling
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Location requirements
IT Security & Compliance Head at Lonza leading security strategy and managing global risk. Collaboration with senior leadership to enhance information security across Capsules & Health Ingredients business.
Senior Security Manager leading security for Sanofi meetings and events across North America. Ensuring compliance with global meeting policies and managing event security operations in high - stake environments.
Security Officer maintaining safety protocols at Aloft New Orleans. Responsible for patrolling, monitoring security systems, and assisting guests with safety - related concerns.
Security Detection Specialist responsible for detecting cybersecurity incidents using advanced security technologies. Analyzing data feeds and leveraging security tools for incident detection and reporting.
Senior Incident Response Engineer at Walmart focusing on security threat campaigns to enhance detection and response capabilities. Collaborating with SOC and engineering teams to improve security posture.
Head of Infrastructure & Security at Kinatico, a RegTech leader, focused on cloud infrastructure and security governance. Leading a technically deep team of cloud engineers and security specialists in a hybrid environment.
Security Engineer at KAYAK responsible for implementing security improvements and managing security tools in Berlin office infrastructure. Collaborating with teams to monitor incidents and enhance security protocols.
Security Supervisor responsible for loss prevention and safety at WarHorse Gaming casino in Omaha. Ensuring compliance with regulations and managing security team operations.
Security Shift Manager overseeing security operations at WarHorse Gaming Omaha. Responsible for team safety, compliance with regulations, and staffing in the security department.