Staff Product Security Engineer
Mountain View, California
Applications have closed
Aurora Innovation
Aurora is building self-driving technology that will revolutionize the future of transportation.
Who We Are
Aurora (Nasdaq: AUR) is delivering the benefits of self-driving technology safely, quickly, and broadly. Founded in 2017 by experts in the self-driving industry, Aurora is revolutionizing transportation – making it safer, increasingly accessible, and more reliable and efficient than ever before. Its flagship product, the Aurora Driver, is a platform that brings together software, hardware, and data services, to autonomously operate passenger vehicles, light commercial vehicles, and heavy-duty trucks. Aurora is partnered with industry leaders across the transportation ecosystem including Toyota, Volvo, PACCAR, Uber, Uber Freight, FedEx, and U.S. Xpress. Aurora tests its vehicles in the Bay Area, Pittsburgh, and Texas and has offices in those areas as well as in Bozeman, MT; Seattle, WA; Louisville, CO; and Detroit, MI. To learn more, visit www.aurora.tech.
Aurora’s Product Security team’s mission is to discover, mitigate, and prevent security risks in the software, hardware, and services developed by Aurora.
Our team is responsible for ensuring the secure design and implementation of the technology built for the Aurora Driver as well as continually improving the assurance levels of security across all of Aurora’s Products. This team is also responsible for performing technical security assessments, threat modeling, security code reviews and vulnerability testing to highlight risk and help various engineering teams and partners to improve security. We work closely with engineers across Aurora as well as 3rd party partners to design and proactively integrate initiatives to enhance security across a wide variety of software or hardware domains and technology stacks.
We are searching for an experienced Security Engineer with strong offensive security assessment experience who is excited to lead the assurance of the overall security posture for the autonomous vehicle platform and to join us on this mission.
Job level is negotiable based on experience. Remote work is approved for US-based employees, including post-pandemic.
In this role you will
- Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
- Assess the risks across the Aurora Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilities
- Employ techniques including reverse engineering, fuzzing, and static and/or dynamic analysis
- Conduct research to identify new and novel attack vectors against Aurora’s products and services
- Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners
- Lead successful integration of security capabilities, components and remediation work with partner teams
- Work with Engineering teams and OEMs to ensure successful security assurance of the Aurora Driver platform
- Guide and mentor both security and non-security engineers
Required Qualifications
- Foundational knowledge of operating system security for Linux
- Foundational knowledge of the CWE Top 25
- Ability to assess software and/or hardware components with and without full knowledge
- Ability to work well with other assessment members and engineering partners
- Ability to communicate effectively with technical and non-technical audiences
- Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts
- Experience in vulnerability discovery and analysis, design review, and code-level security reviews
- Experience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography.
- Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processes
- Familiarity with automotive protocols and security standards
- Experience in Security Assurance / Secure-SDLC processes in an agile / waterfall environment
- Experience building and evaluating threat models / risk assessments
- Experience and ability to implement best practices related to cryptographic protocols, infrastructure and network security
- Minimum 8 years of experience in a security-specific or security-adjacent industry
- Minimum 2 years of experience in the robotics or automotive industry or equivalent
Desirable
- Relevant work experience in offensive security, penetration testing or red teaming
- Experience implementing various Defence in Depth Strategies to address dynamic threats across various software and hardware stacks.
- Ability and desire to write production-quality code in C++, Golang, or Python
- Experience evaluating the security of software, hardware and services
- Foundational knowledge of embedded firmware security and hardware security, preferably in the robotics or automotive space
- Familiarity with cloud security (AWS) and infrastructure-as-code
- Familiarity with Trusted Platform Modules, HSMs, and trusted boot
- A history of giving back to the security industry via open source contributions, published papers, or conference presentations
Working at Aurora
At Aurora, we bring together people with extraordinary talent and experience united by the strength of our values. We operate with integrity, set outrageous goals, and continue to build a culture where we win together—all without any jerks.
We have offices in 8+ locations across the United States. We offer a competitive benefits package to qualifying employees. Our Career Page includes everything you need to know about working at Aurora.
At the core of everything we do is our commitment to safety. Building best-in-class self-driving technology will take time, and we believe that each employee at Aurora has a role in contributing to safety, every step of the way. Aurora expects commitment to our safety policies from every employee, and seeks candidates who take an active responsibility, can contribute to building an atmosphere of trust, and invest in the organization’s long-term success by prioritizing working safely, no matter what.
We believe that self-driving technology has broad benefits – including an increase in safety and access to transportation – and to achieve those benefits, we want and need a workforce with diverse experiences, insights, and perspectives; said another way, a workforce that reflects the communities and people our technology will benefit. You can find all the latest news on our Blog.
Individuals seeking employment at Aurora are considered without regard to race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, pregnancy status, parent or caregiver status, ancestry, political affiliation, veteran and/or military status, physical or mental disability, or any other status protected by federal or state law.
Tags: Agile AWS C Cloud Cryptography Golang Linux Network security Offensive security Open Source Pentesting Product security Python Reverse engineering Risk assessment SDLC Security assessment Vulnerabilities Vulnerability management
Perks/benefits: Career development Flex vacation