Product Security Software Engineer (Embedded Software)

Product Security Software Engineer (Embedded Software) Bose Corporation Experience the latest in sound innovation. Shop Bose headphones, speakers, soundbars, and more, supported by premium customer service. Sound is Power. At Bose, we believe sound is the most powerful force on earth. We've dedicated ourselves to improving it for nearly 60 years. The engineering team at Bose is a thriving, passionate, deeply skilled team of professionals from a broad range of disciplines and experiences, who share a common goal"”to create products that provide transformative sound experiences. Job Description At Bose, we've spent over 50 years finding new ways to bring quality audio and simplicity to people -- in their home, on the go, or wherever music is enjoyed. The Consumer Software team is passionate about bringing these values to wherever you listen to music or watch TV. Securing these products poses an exciting challenge to protect both consumers and the company. The Bose Software Organization is looking to hire an additional firmware engineer to support the security initiatives for our consumer electronics products. Are you ready to join us in making the most secure, best sounding products? The right candidate is obsessed with the fine details of security to offer a flawless experience, with astonishing lifelike sound in a product our customers can trust. Day to Day Responsibilities: Contribute security features and patches to multiple product codebases. Design, develop and test internal applications for key management and cryptography. Code independently with minimal oversight and design system architecture with guidance. Be a stakeholder on interdisciplinary teams advocating for security. Advise engineering peers on security matters in the form of architectural guidance, code/design reviews, and solution development. Perform security testing on products and implement or guide fixes. Work with many teams beyond firmware including DevOps, cloud app development, info sec, electrical engineering, manufacturing and program management. Independently identify potential security enhancement opportunities, by proactively looking for and reporting security and quality issues. Technical Skills: Experience developing for embedded systems and Linux platforms in C, C++. Linux system security hardening techniques. Strong knowledge of cryptographic theory and engineering including encryption, hashing, signing, digital certificates and hardware security modules (HSMs). Building internal security applications with cryptographic guarantees such as firmware encryption and signing, custom developer enablement tools, secure asset provisioning, etc. Experience mitigating dependency or code-level defects including memory-management issues, input validation, timing attacks, broken authentication, side channels. Experience with computer networking with a focus on security and IoT applications. Nice to Have: Experience participating or leading threat modeling sessions. Experience with developing consumer-facing products that interact with mobile apps or cloud/web backends. Experience with Go, Python and Bash. Experience with risk management frameworks, risk quantification and processes. Experience integrating security tools and applications into DevOps pipelines. Experience with trusted-enclave applications such as ARM TrustZone. Knowledge and implementation experience of chip-level security capabilities including encryption, secure boot and authenticated unlocking. Experience with source code management and DevOps tools (Git, Confluence, Jira, Conan, Jenkins, etc.). Education & Experience: A bachelor's degree in computer science, computer engineering, electrical engineering or a related field with sufficient domain experience. A master's degree is beneficial. 6 or more years of industry experience working in firmware development with a focus on security. An advanced degree can contribute towards experience. Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. #J-18808-Ljbffr

Created: 2025-02-11