Principal, Product Security Architect

San Jose, CA, United States

Applications have closed

Western Digital

Western Digital, leaders in digital storage solutions compatible with Mac and PC. FREE shipping, friendly support, and 30-day return policy on storage products.

View company page

Company Description

At Western Digital, our vision is to power global innovation and push the boundaries of technology to make what you thought was once impossible, possible.

At our core, Western Digital is a company of problem solvers. People achieve extraordinary things given the right technology. For decades, we’ve been doing just that. Our technology helped people put a man on the moon.

We are a key partner to some of the largest and highest growth organizations in the world. From energizing the most competitive gaming platforms, to enabling systems to make cities safer and cars smarter and more connected, to powering the data centers behind many of the world’s biggest companies and public cloud, Western Digital is fueling a brighter, smarter future.

Binge-watch any shows, use social media or shop online lately? You’ll find Western Digital supporting the storage infrastructure behind many of these platforms. And, that flash memory card that captures and preserves your most precious moments? That’s us, too.

We offer an expansive portfolio of technologies, storage devices and platforms for business and consumers alike. Our data-centric solutions are comprised of the Western Digital®, G-Technology™, SanDisk® and WD® brands.

Today’s exceptional challenges require your unique skills. It’s You & Western Digital. Together, we’re the next BIG thing in data.

Job Description

The  Product Security Architect will be a member of the Security Center of Excellence team specializing in security considerations for hardware and firmware components in storage devices, including ASICs.  The ideal candidate shall have experience in defining, developing, and validating products with security content that combine hardware and firmware elements. This individual will provide crystal-clear technical direction and risk mitigation guidance for diverse engineering and business leaders at all levels. This person will also lead the evolution of secure development practices for hardware components.   During the product development process, this individual will advise the development team on security requirements and define the security architecture.  The Product Security Architect will lead security risk assessments, guide threat modeling activities, and participate in validation of security requirements at the component or system level. Our ideal teammate has experience architecting and developing hardware that meets the highest cybersecurity standards, is highly motivated and passionate about technology.  The ideal candidate is eager to stay up to date with the latest industry trends and technologies and enjoys participating in industry consortiums. If this applies to you – join our collaborative team to develop together the next big thing in data!

Responsibilities 
 

  • Design and implement security architectures and security features for storage devices with hardware, firmware and software components
  • Define security validation plans that ensure correct implementation of security features and mitigation of threats
  • Be a key technical contributor to the continuous improvement of the Secure Development Lifecycle 
  • Develop reference threat models for hardware components and devices overall
  • Assist development teams in adapting the reference threat model to specific product/component
  • Assess security implications of change requests
  • Perform security assessments, code audits and design reviews of embedded platforms
  • Raise awareness and understanding of security considerations with engineers and leaders at all levels of the organization
  • Research and develop technical solutions to mitigate security risks 
  • Participate in industry consortiums/standards bodies and conduct research to identify new attack vectors and industry trends 

 

Qualifications

Basic Qualifications (Required Skills & Experience) 
 

  • Bachelor’s degree or greater with focus in Computer Science, Engineering, or relevant field from an accredited college/university 
  • Strong working knowledge of the FIPS 140-3 specification
  • Design and engineering of security requirements and security controls for hardware components or storage devices 
  • Knowledge of cybersecurity standards and best practices
  • Hardware security architecture design and integration 
  • Knowledge of low level hardware-software interactions, such as storage in flash, RAM or cache
  • Working understanding of security threats, security risk assessments, security threat modeling, security risk mitigation, and security incident reporting
  • Experience working with cryptographic protocols/libraries 

Typical Minimum Experience Preferred (Desired Skills/Experience) 
 

  • 8-10 years of related experience preferred 
  • 5+ years of embedded hardware/software design and development 
  • 3+ years of hardware security experience
  • Experience with two or more of the following: real-time software development, vehicle electronics and controls, embedded systems design, application security, penetration testing, incident response 
  • Experience with embedded software development is a plus

 

 

Additional Information

Western Digital thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

Western Digital is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at staffingsupport@wdc.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

Compensation & Benefits Details

  • An employee’s pay position within the salary range may be based on several factors including but not limited to (1) relevant education; qualifications; certifications; and experience; (2) skills, ability, knowledge of the job; (3) performance, contribution and results; (4) geographic location; (5) shift; (6) internal and external equity; and (7) business and organizational needs.
  • The salary range is what we believe to be the range of possible compensation for this role at the time of this posting.  We may ultimately pay more or less than the posted range and this range is only applicable for jobs to be performed in California, Colorado, New York or remote jobs that can be performed in Colorado.  This range may be modified in the future.
  • You will be eligible to participate in Western Digital’s Short-Term Incentive (STI) Plan, which provides incentive awards based on Company and individual performance.  Depending on your role and your performance, you may be eligible to participate in our annual Long-Term Incentive (LTI) program, which consists of restricted stock units (RSUs) or cash equivalents, pursuant to the terms of the LTI plan. Please note that not all roles are eligible to participate in the LTI program, and not all roles are eligible for equity under the LTI plan. RSU awards are also available to eligible new hires, subject to Western Digital’s Standard Terms and Conditions for Restricted Stock Unit Awards.
  • We offer a comprehensive package of benefits including paid vacation time; paid sick leave; medical/dental/vision insurance; life, accident and disability insurance; tax-advantaged flexible spending and health savings accounts; employee assistance program; other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity; tuition reimbursement; transit; the Virgin Pulse Program; the Applause Program, employee stock purchase plan, and the Western Digital Savings 401(k) Plan.
  • Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Application security Audits Cloud Computer Science Incident response Pentesting Product security Risk assessment Security assessment

Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Insurance Medical leave Salary bonus

Region: North America
Country: United States
Job stats:  7  0  0
Category: Architecture Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.