Aurora Innovation - Mountain View, CA
posted 5 months ago
Aurora is seeking an experienced Security Engineer to join our Product Security team, which is dedicated to discovering, mitigating, and preventing security risks in the software, hardware, and services developed by Aurora. The mission of our team is to ensure the secure design and implementation of technology for the Aurora Driver, while continually improving the assurance levels of security across all of Aurora's products. This role involves performing technical security assessments, threat modeling, security code reviews, and vulnerability testing to highlight risks and assist various engineering teams and partners in enhancing security. The Security Engineer will work closely with engineers across Aurora and third-party partners to proactively integrate initiatives that enhance security across a wide variety of software and hardware domains and technology stacks. In this role, you will be responsible for conducting secure design reviews and threat modeling, identifying and prioritizing risks, attack surfaces, and vulnerabilities. You will perform security code reviews of source code changes, advising developers on remediating vulnerabilities and adhering to secure coding practices. Additionally, you will manage the vulnerability management process, which includes triage, prioritization, tracking, remediation, and validation of vulnerabilities from audits, scans, and external reports. You will employ techniques such as reverse engineering, fuzzing, and static and/or dynamic analysis to uncover vulnerabilities and design secure protocols and systems. The Security Engineer will also be tasked with developing and managing a secure software development lifecycle and a bug bounty program. You will research, recommend, and develop security tools and technologies to strengthen defenses against emerging threats and vulnerabilities. Collaboration with engineering teams and OEMs will be essential to ensure successful security assurance of the Aurora Driver platform and services. Furthermore, you will advocate for and mentor both security and non-security engineers to instill security best practices through secure architecture, design, and development.