Fellow Product Security Engineer

  • CARIAD
  • Mountain View, CA
  • Posted 1 day ago | Updated 4 hours ago

Overview

On Site
Hybrid
Compensation information provided in the description
Full Time

Skills

IT management
Firmware
IMPACT
Evaluation
Design
Leadership
Testing
Threat analysis
Risk analysis
Build tools
Regulatory Compliance
Software development methodology
Demonstrations
Product demonstration
General skills
Communication
Collaboration
Penetration testing
Code review
Security architecture
Software development
C
C++
Rust
Python
Kotlin
Java
Systems architecture
Cryptography
Encryption
Authentication
Embedded systems
Hardening
Access control
Authorization
Writing
Security QA
German
Planning
Software engineering
FOCUS
Privacy
Computer science
Electrical engineering
Training
Insurance
Virtual machines

Job Details

Job Description

We are CARIAD, an automotive software development team with the Volkswagen Group. Our mission is to make the automotive experience safer, more sustainable, more comfortable, more digital, and more fun. To achieve that we are building the leading tech stack for the automotive industry and creating a unified software platform for over 10 million new vehicles per year. We're looking for talented, digital minds like you to help us create code that moves the world. Together with you, we'll build outstanding digital experiences and products for all Volkswagen Group brands that will transform mobility. Join us as we shape the future of the car and everyone around it.

Role Summary:

The Fellow Product Security Engineer acts as the technical lead for the Product Security team in the US. They will provide guidance for the architecture, design, and implementation of security primitives. They will also propose technical solutions and actively participate in their coding and integration. Acting as the lead for security projects in the US, they will perform, and coordinate with the engineering and product teams, security code reviews and threat/risk analysis of implementations (software, firmware) that can impact the security of the whole system. They will constantly challenge the status quo and perform security reviews in a variety of settings: ad-hoc security evaluation, external PenTesting, and offensive security projects in coordination with the brands. Autonomy and a great sense of creativity are expected for the Fellow role.

Role Responsibilities:

Lead (Architecture, Design, Code) Product Security Projects in the US

  • Drive Security Architecture and Design discussions for SDV projects in the US
  • Lead development (coding) with US team members.
  • Coordinate with development and testing/validation resources in Germany.
  • Drive integration of security primitives, protocols, and libraries with the SDV teams

Perform Security Code Review of sensitive (security/privacy related) implementations

  • Implement the process for Security Code Review in collaboration with the Principal Engineer, Compliance and Systems and the leaders of SDV teams.
  • Help scale the security code review (automation, leveraging other teams, processes, etc.) to provide actionable guidance to the engineering and product teams.
  • Expand the program to third-party integration and product validation (e.g. binary analysis)

Perform Threat Assessment and Risk Analysis at the Component and System Level

  • Propose a light version of TARA to quickly identify potential threats at the component level, and assess the risk to decide on the next course of action (Full TARA, PenTesting, Patch or Fix, etc.)
  • Collaborate with Offensive Security to build tools to expand our investigation capabilities.
  • Review the top 10 issues with engineering teams and drive resolution with the support of our Principal Engineer, Compliance and Systems

Challenge other teams and perform PenTesting / Offensive Security experiments

  • Perform ad-hoc offensive security experiments to identify potential threats and verify that our SDLC is correctly implemented.
  • Build/Write/Action exploits on a variety of systems to challenge the engineering teams and demo existing risks.
  • Coordinate a regular (twice a year) Hackathon with Offensive Security teams to foster creativity and collaboration between teams to identify vulnerabilities.

General Skills:

  • Ability to collaborate with engineering and product organizations.
  • Effective written and oral communication skills.
  • Collaborate and work with multiple teams across geographies and time zones.

Required Specialized Skills:

  • Experience with designing and implementing security in connected systems.
  • Ability to perform code reviews for embedded and back-end/infrastructure software to identify potential security issues and vulnerabilities.
  • Ability to assess threats and analyze risks, propose fixes/mitigations, and drive those efforts.
  • Hands-on experience with PenTesting and/or Offensive Security projects (in short, breaking things vs. just building things)
  • Security Code Review
  • Security Architecture
  • Coding (C/C++, Go, Rust, Python, Kotlin, Java; no need to be an expert in all languages, but very solid in at least 2 languages)
  • System Architecture
  • Cryptography Concepts (Encryption, Authentication, Hashing, Non-Repudiation)
  • Embedded Security
  • Code Hardening
  • Access Control and Authorization Frameworks

Desired Skills:

  • Building, writing exploits.
  • Security Testing and Validation

Workplace Flexibility:

  • Calls, (virtual) meetings & workshops (overlapping with German business hours as needed) to align with stakeholders and development teams in Germany.
  • Occasional international and domestic travel to provide on-site support and planning/integration workshops with our internal and external stakeholders.
  • Hybrid mode preferred, could consider a fully remote candidate if exceptional.

Years of Relevant Experience:

  • 20+ years of experience in software engineering with a focus on security and/or privacy

Required Education:

  • Bachelor's Degree (Computer Science or Electrical Engineering)

Desired Education:

  • Master's Degree (Computer Science or Electrical Engineering)

Compensation

Salary range is dependent on factors such as geographical differentials, credentials or certifications, industry-based experience, qualification and training. In the city of Mountain View, California, the salary range for this position is $237,100 - 320,900.

CARIAD, Inc. provides performance-based merits and an annual bonus along with a competitive benefits package. Benefits include medical, dental, vision, 401k with employer match and defined contribution plan, short- and long-term disability, basic life and AD&D insurance, employee assistance program, tuition reimbursement and student loan repayment plans, maternity and non-primary caregiver leave, adoption assistance, employee referral program, and vacation and paid holidays. We also offer a unique vehicle lease program that covers registration and insurance fees.

CARIAD is an Equal Opportunity Employer. We welcome and encourage applicants from all backgrounds, and do not discriminate based on race, sex, age, disability, sexual orientation, national origin, religion, color, gender identity/expression, marital status, veteran status, or any other characteristics protected by applicable laws.



Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.