Product Security Engineer, Staff

Company Qualcomm Technologies, Inc.Job Area Engineering Group, Engineering Group > Security EngineeringGeneral Summary Job function includes participation in product security incident response, security research on Qualcomm products in detecting and mitigating security vulnerabilities, customer communications on product security related issues. Specific responsibilities may include binary analysis to identify vulnerabilities being used in active exploits, review of resolutions as part of the incident response, assisting customers to adopt security patches, internal vulnerability detection and risk assessment using both manual methods and automated tools, evaluating new technologies/tools to help detect, triage, and mitigate security vulnerabilities, reaching out to security research community and fostering coordinated vulnerability disclosure.Minimum Qualifications Bachelor's degree in Engineering, Computer Science, or related field and 4+ years of Security Engineering or related work experience.Master's degree in Engineering, Computer Science, or related field and 3+ years of Security Engineering or related work experience.PhD in Engineering, Computer Science, or related field and 2+ years of Security Engineering or related work experience.Applicants should possess at least five years of experience (work or academic) in the field of software security and, specifically, with experience performing software security audits. Ability to work independently with minimal supervision is a must.Required Experience Areas Binary analysis and malware/exploit reverse engineering using tools like Ghidra, IDA, or Binary NinjaProduct security incident response in Mobile, IOT, or automotive industrySecure code review, analysis and vulnerability assessmentSecurity testing, e.g. fuzzing and pen-testingOperating system securityMobile platform security such as Linux AndroidEmbedded security on embedded firmwareAutomotive SecurityExploit mitigation techniquesThreat modelingPreferred Additional Skills Experience in product security incident response and working with external security researchersLLVM experienceExperience in fuzzing (custom fuzzers/harnesses, custom bug detection LLVM passes or runtime detection) to large code base for vulnerability detectionKnowledge of hypervisors, containers, and secure execution environmentsFamiliarity with the internals for Linux, Windows, Zephyr and QNXFamiliarity with wireless communication systems and protocols (CDMA/GSM/UMTS/LTE, WLAN, Bluetooth, NFC, etc)Soft Skills Teamwork across various teams and geolocationsAbility to communicate in English, both verbal and writtenEqual Opportunity Employer Qualcomm is an equal opportunity employer. Qualcomm is also committed to providing an accessible process for individuals with disabilities. Qualcomm is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or any other protected classification.Pay Range & Benefits $149,600.00 - $224,400.00The above pay scale reflects the broad, minimum to maximum, pay scale for this job code for the location for which it has been posted. Salary is only one component of total compensation. Qualcomm offers a competitive annual discretionary bonus program and opportunities for annual RSU grants. Benefits package is designed to support success at work, at home, and at play.#J-18808-Ljbffr

Company Qualcomm Technologies, Inc.Job Area Engineering Group, Engineering Group > Security EngineeringGeneral Summary Job function includes participation in product security incident response, security research on Qualcomm products in detecting and mitigating security vulnerabilities, customer communications on product security related issues. Specific responsibilities may include binary analysis to identify vulnerabilities being used in active exploits, review of resolutions as part of the incident response, assisting customers to adopt security patches, internal vulnerability detection and risk assessment using both manual methods and automated tools, evaluating new technologies/tools to help detect, triage, and mitigate security vulnerabilities, reaching out to security research community and fostering coordinated vulnerability disclosure.Minimum Qualifications Bachelor's degree in Engineering, Computer Science, or related field and 4+ years of Security Engineering or related work experience.Master's degree in Engineering, Computer Science, or related field and 3+ years of Security Engineering or related work experience.PhD in Engineering, Computer Science, or related field and 2+ years of Security Engineering or related work experience.Applicants should possess at least five years of experience (work or academic) in the field of software security and, specifically, with experience performing software security audits. Ability to work independently with minimal supervision is a must.Required Experience Areas Binary analysis and malware/exploit reverse engineering using tools like Ghidra, IDA, or Binary NinjaProduct security incident response in Mobile, IOT, or automotive industrySecure code review, analysis and vulnerability assessmentSecurity testing, e.g. fuzzing and pen-testingOperating system securityMobile platform security such as Linux AndroidEmbedded security on embedded firmwareAutomotive SecurityExploit mitigation techniquesThreat modelingPreferred Additional Skills Experience in product security incident response and working with external security researchersLLVM experienceExperience in fuzzing (custom fuzzers/harnesses, custom bug detection LLVM passes or runtime detection) to large code base for vulnerability detectionKnowledge of hypervisors, containers, and secure execution environmentsFamiliarity with the internals for Linux, Windows, Zephyr and QNXFamiliarity with wireless communication systems and protocols (CDMA/GSM/UMTS/LTE, WLAN, Bluetooth, NFC, etc)Soft Skills Teamwork across various teams and geolocationsAbility to communicate in English, both verbal and writtenEqual Opportunity Employer Qualcomm is an equal opportunity employer. Qualcomm is also committed to providing an accessible process for individuals with disabilities. Qualcomm is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or any other protected classification.Pay Range & Benefits $149,600.00 - $224,400.00The above pay scale reflects the broad, minimum to maximum, pay scale for this job code for the location for which it has been posted. Salary is only one component of total compensation. Qualcomm offers a competitive annual discretionary bonus program and opportunities for annual RSU grants. Benefits package is designed to support success at work, at home, and at play.#J-18808-Ljbffr

• 

• Government Careers