Sr. Staff Application Security Engineer

Seattle, WA, United States

Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all. Aurora’s Product Security team’s mission is to discover, mitigate, and prevent security risks in the software, hardware, and services developed by Aurora. Our team is responsible for ensuring the secure design and implementation of the technology built for the Aurora Driver as well as continually improving the assurance levels of security across all of Aurora’s Products. This team is also responsible for performing technical security assessments, threat modeling, security code reviews and vulnerability testing to highlight risk and help various engineering teams and partners to improve security. We work closely with engineers across Aurora as well as 3rd party partners to design and proactively integrate initiatives to enhance security across a wide variety of software or hardware domains and technology stacks. We are searching for an experienced Security Engineer with strong application security experience that is excited to lead and improve the overall application security posture for the autonomous vehicle platform to join us on this mission.

In this role, you will

Perform secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities

Perform security code reviews of source code changes and advise developers on remediating vulnerabilities and following secure coding practices

Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes

Manage the vulnerability management process and program through triage, prioritization, tracking, remediation, and validation of vulnerabilities from audits, scans and external reports

Employ techniques including reverse engineering, fuzzing, and static and/or dynamic analysis

Conduct research to identify new and novel attack vectors against Aurora’s products and services

Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners

Develop and manage a secure software development lifecycle

Develop and manage a bug bounty program

Research, recommend, and develop security tools and technologies to strengthen defenses against emerging threats and vulnerabilities

Work with Engineering teams and OEMs to ensure successful security assurance of the Aurora Driver platform and services

Advocate, guide and mentor both security and non-security engineers to instill security best practices. through secure architecture, design, and development

Required Qualifications

Foundational knowledge of operating system security for Linux

Foundational knowledge of the CWE Top 25

Ability to assess software and/or hardware components with and without full knowledge

Ability to work well with other assessment members and engineering partners

Ability to communicate effectively with technical and non-technical audiences

Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts

Experience in vulnerability discovery and analysis, design review, and code-level security reviews

Experience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography

Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processes

Familiarity with automotive protocols and security standards

Experience in Security Assurance / Secure-SDLC processes in an agile / waterfall environment

Experience building and evaluating threat models / risk assessments

Experience and ability to implement best practices related to cryptographic protocols, infrastructure and network security

Minimum 8 years of experience in a security-specific or security-adjacent industry

Minimum 2 years of experience in the robotics or automotive industry or equivalent

Desirable Qualifications

Relevant work experience in offensive security, penetration testing or red teaming

Experience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks

Ability and desire to write production-quality code in C++, Golang, or Python

Experience evaluating the security of software, hardware and services

Foundational knowledge of embedded firmware security and hardware security, preferably in the robotics or automotive space

Familiarity with cloud security (AWS) and infrastructure-as-code

Familiarity with Trusted Platform Modules, HSMs, and trusted boot

A history of giving back to the security industry via open source contributions, published papers, or conference presentations

The base salary range for this position is $254k-$407K per year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

#LI-SP1

#Mid-Senior

#J-18808-Ljbffr