Sr. SW Security Engineer
Ref No.: 17-01331
Location: San Jose, California
Start Date / End Date: 11/13/2017 to 06/01/2018
Sr SW Security Engineer (Contract)

The Samsung ARTIK security architecture team is a team of highly seasoned, hands-on architects responsible for defining technical strategy, architecture, detailed requirements, protocols and solutions for our IoT platform security. We are responsible for the security of everything from the boot image and secure HW API, to the operating system and SDK, to communication with the cloud, to AWS services. We work with all teams within the organization, from marketing and strategy to product management and HW, SW and cloud engineering. The security team is responsible for integrating both a reactive "security by audit" approach, uncovering and managing existing vulnerabilities, and a proactive "security by design" approach in all aspects of ARTIK, from HW and SW to connectivity and cloud.
We are seeking an experienced, hands-on security architect with a "can do" and "will do" attitude and strong communication skills, who is in relentless evangelistic pursuit of security. You are good at coding, have a strong understanding of security protocols and systems and, most importantly, are very good at software security measures. You will be driving our software security, application security, testing and vulnerability assessment initiatives.


• Selection of vendors and tools for vulnerability management, including Application and Software security testing. Work with development teams to educate and establish process for integration of software testing and integration of the tools with the build and QA process.
• Work with device, SW and cloud product managers to establish SW and application security requirements. Perform threat analysis for vulnerability of related products; design, prioritize, perform and manage the execution and timeline for remediation.
• Assist with or perform security vendor/partner selection and propose the way forward
Required Qualifications:
• Minimum 3-5 years in information security or related roles, responsible for identifying and mitigating security risks
• Threat modeling, creating web application security requirements and identifying web application vulnerabilities (minimum OWASP up to ASVS), experience with SAST and pen testing tools, and their integration with the SW development (agile is a plus) process and tools
• Ability to do software security code reviews and experience with the remediation process for SW
• Operating system security (Linux and preferably RTOS) and embedded system software security
• Experience with tools and process related to security event monitoring, such as IDS, alert systems, etc.
• Good communication skills (verbal and written) and the patience to educate developers and product management in order to drive the security agenda
• Good understanding of the use of cryptography (hashes, ciphers), authentication and key management mechanisms, such as OAUTH and REST API security, and security protocols: TLS
• Hands-on experience with tools such as openssl
• Basic understanding of AWS/cloud security concepts, databases (MySQL)

Preferred Qualifications

• Experience with implementation of security protocols such as OAUTH, BLE/Thread or other wireless stacks, PKI
• Knowledge of AWS security (KMS, Templates, VPC, etc.), WAFs, DevOps security
• Experience with setting and managing incident response or security policy is desired.
• Experience with bug bounties
• Experience with device security concepts, such as secure boot, HW security APIs
• Knowledge of compliance frameworks such as HIPAA, PCI, SOC, FedRAMP