Product Security Software Engineer (Embedded Software)

You know the moment. It's the first notes of that song you love, the intro to your favorite movie, or simply the sound of someone you love saying "hello." It's in these moments that sound matters most. At Bose, we believe sound is the most powerful force on earth. We've dedicated ourselves to improving it for nearly 60 years. And we're passionate down to our bones about making whatever you're listening to a little more magical. The engineering team at Bose is a thriving, passionate, deeply skilled team of professionals from a broad range of disciplines and experiences, who share a common goal"”to create products that provide transformative sound experiences. Job Description At Bose, we've spent over 50 years finding new ways to bring quality audio and simplicity to people -- in their home, on the go, or wherever music is enjoyed. The Consumer Software team is passionate about bringing these values to wherever you listen to music or watch TV. We want to be there providing a premium polished experience, with awesome sound, in the home and on the go! Consumer audio consists of headphones, earbuds, sound bars, and speakers. Securing these products poses an exciting challenge to protect both consumers and the company. With new products launching every year, there is a constant need to ensure security in our on-the-go and in-the-home platforms. The Bose Software Organization is looking to hire an additional firmware engineer to support the security initiatives for our consumer electronics products. Are you ready to join us to make the most secure, best sounding products? The right candidate is obsessed with the fine details of security to offer a flawless experience, with astonishing lifelike sound in a product our customers can trust and is committed to motivating an interdisciplinary team to bring the newest security technology. Day to Day Responsibilities: Contribute security features and patches to multiple product codebases. Design, develop and test internal applications for key management and cryptography. Code independently with minimal oversight and design system architecture with guidance. Be a stakeholder on interdisciplinary teams advocating for security. Advise engineering peers on security matters in the form of architectural guidance, code/design reviews, and solution development. Perform security testing on products and implement or guide fixes. Work with many teams beyond firmware including DevOps, cloud app development, info sec, electrical engineering, manufacturing, and program management. Independently identify potential security enhancement opportunities by proactively looking for and reporting security and quality issues. Technical Skills: Experience developing for embedded systems and Linux platforms in C, C++. Linux system security hardening techniques. Strong knowledge of cryptographic theory and engineering including encryption, hashing, signing, digital certificates, and hardware security modules (HSMs). Building internal security applications with cryptographic guarantees such as firmware encryption and signing, custom developer enablement tools, secure asset provisioning, etc. Experience mitigating dependency or code-level defects including memory-management issues, input validation, timing attacks, broken authentication, and side channels. Experience with computer networking with a focus on security and IoT applications. Nice to Have: Experience participating or leading threat modeling sessions. Experience with developing consumer-facing products that interact with mobile apps or cloud/web backends. Experience with Go, Python, and Bash. Experience with risk management frameworks, risk quantification, and processes. Experience integrating security tools and applications into DevOps pipelines. Experience with trusted-enclave applications such as ARM TrustZone. Knowledge and implementation experience of chip-level security capabilities including encryption, secure boot, and authenticated unlocking. Experience with source code management and DevOps tools (Git, Confluence, Jira, Conan, Jenkins, etc.). Education & Experience: A bachelor's degree in computer science, computer engineering, electrical engineering, or a related field with sufficient domain experience. A master's degree is beneficial. 6 or more years of industry experience working in firmware development with a focus on security. An advanced degree can contribute towards experience. Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. #J-18808-Ljbffr

Created: 2025-02-09