Aurora Innovation - Pittsburgh, PA

posted about 1 month ago

Full-time - Mid Level
Pittsburgh, PA
Professional, Scientific, and Technical Services

About the position

As a Senior Staff Application Security Engineer at Aurora, you will play a pivotal role in enhancing the security posture of our autonomous vehicle platform. Our mission is to ensure the secure design and implementation of the technology that powers our self-driving systems. You will be part of a dedicated Product Security team responsible for identifying, mitigating, and preventing security risks across our software, hardware, and services. This involves conducting technical security assessments, threat modeling, security code reviews, and vulnerability testing to highlight risks and assist various engineering teams in improving security measures. Your expertise will be crucial in collaborating with engineers and third-party partners to proactively integrate security initiatives across diverse technology stacks.

In this role, you will perform secure design reviews and threat modeling, identifying and prioritizing risks, attack surfaces, and vulnerabilities. You will conduct security code reviews of source code changes, advising developers on remediating vulnerabilities and adhering to secure coding practices. Additionally, you will manage the vulnerability management process, which includes triage, prioritization, tracking, remediation, and validation of vulnerabilities identified through audits, scans, and external reports. Your responsibilities will also encompass employing techniques such as reverse engineering, fuzzing, and static and dynamic analysis to uncover new attack vectors against our products and services. You will be expected to develop and manage a secure software development lifecycle and a bug bounty program, while also researching and recommending security tools and technologies to strengthen defenses against emerging threats. Your role will involve advocating for security best practices among both security and non-security engineers, guiding them through secure architecture, design, and development processes.

This position requires a strong foundation in application security, a passion for improving security measures, and the ability to communicate effectively with both technical and non-technical audiences.

Responsibilities

  • Perform secure design reviews and threat modeling to identify and prioritize risks, attack surfaces, and vulnerabilities.
  • Conduct security code reviews of source code changes and advise developers on remediating vulnerabilities and following secure coding practices.
  • Manage the vulnerability management process through triage, prioritization, tracking, remediation, and validation of vulnerabilities from audits, scans, and external reports.
  • Employ techniques including reverse engineering, fuzzing, and static and/or dynamic analysis to uncover vulnerabilities.
  • Conduct research to identify new and novel attack vectors against the company's products and services.
  • Review, develop, and document secure operational best practices, providing security guidance for engineers and various internal and external partners.
  • Develop and manage a secure software development lifecycle and a bug bounty program.
  • Research, recommend, and develop security tools and technologies to strengthen defenses against emerging threats and vulnerabilities.
  • Work with Engineering teams and OEMs to ensure successful security assurance of the Driver platform and services.
  • Advocate, guide, and mentor both security and non-security engineers to instill security best practices.

Requirements

  • Ability and desire to write production-quality code in C++, Golang, or Python.
  • Foundational knowledge of operating system security for Linux.
  • Foundational knowledge of the CWE Top 25.
  • Ability to assess software and/or hardware components with and without full knowledge.
  • Ability to work well with other assessment members and engineering partners.
  • Ability to communicate effectively with technical and non-technical audiences.
  • Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts.
  • Experience in vulnerability discovery and analysis, design review, and code-level security reviews.
  • Experience in security engineering, computer and network security, authentication and security protocols, and applied cryptography.
  • Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processes.
  • Familiarity with automotive protocols and security standards.
  • Experience in Security Assurance / Secure-SDLC processes in an agile / waterfall environment.
  • Experience building and evaluating threat models / risk assessments.
  • Experience and ability to implement best practices related to cryptographic protocols, infrastructure and network security.
  • Minimum 8 years of experience in a security-specific or security-adjacent industry.
  • Minimum 2 years of experience in the robotics or automotive industry or equivalent.

Nice-to-haves

  • Relevant work experience in offensive security, penetration testing or red teaming.
  • Experience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks.
  • Experience evaluating the security of software, hardware and services.
  • Foundational knowledge of embedded firmware security and hardware security, preferably in the robotics or automotive space.
  • Familiarity with cloud security (AWS) and infrastructure-as-code.
  • Familiarity with Trusted Platform Modules, HSMs, and trusted boot.
  • A history of giving back to the security industry via open source contributions, published papers, or conference presentations.

Benefits

  • Annual bonus eligibility
  • Equity compensation
  • Comprehensive health benefits
  • Flexible work arrangements
  • Professional development opportunities