£10K/yr to £100K/yr
Cambridge, England
Permanent, Variable

Staff Product Security Engineer

Posted by ARM.

The Arm Product Security Incident Response Team (PSIRT) is looking for a highly motivated, experienced addition to their team, to help deliver on Arm's commitment to coordinated vulnerability disclosure (CVD) and navigate the ever-changing landscape of product security. Growth in this area has created an opportunity join a highly visible and dynamic team at the cutting edge of technology.

Job Overview:

This role is based within the Arm PSIRT and is responsible for managing security vulnerabilities and incidents related to Arm's products and services. We continuously monitor for threats, assess vulnerabilities, coordinate incident response, and facilitate remediation. We also prioritise risks and maintain transparent communication with partners and the community regarding security issues. Arm is committed to maintaining industry-leading product security based on continuous improvement of our organisation's security posture through investments into culture and process.

Responsibilities:

  • Day-to-day handling of suspected and confirmed vulnerabilities in Arm's portfolio of products using the established incident response processSupport Arm's engineering teams with analysis of reported vulnerabilities, including impact and severity assessmentsLead the development of Arm's vulnerability monitoring capabilities using internal and external sourcesLiaise with Arm's engineering teams to facilitate the responsible disclosure of product security vulnerabilitiesEngage with ecosystem peers across engineering and security teams to continuously improve Arm's product security processes based on growing industry expectations

Required Skills and Experience :

  • At least 2 years prior experience in a PSIRT or similar security functionBachelor's or higher in a related field or equivalent experienceExcellent English written and verbal communication skills with a customer focus and ability to communicate vulnerabilities to a technical levelA good understanding of software, hardware, network, and system securityA good understanding of common classes of vulnerabilities and attack methodologiesAbility and willingness to expand security knowledge into various product spaces

"Nice To Have" Skills and Experience :

  • Experience with security research in products and ability to apply that knowledge to product security incident responseExperience in software vulnerability management and SDL practicesPrior engagement in working groups or similar with these key bodies FIRST, MITRE, CERTExperience with ticket management systems such as JiraExperience with incident management toolingExperience with scripting languages, such as pythonFamiliarity Arm's technologies and/or semiconductors/compilers/firmware

In Return:

The Arm PSIRT is a growing and evolving team with senior management visibility and responsibility for business critical processes. Members of this team will be exposed to upper management, having the opportunity to build both internal and external connections including with Arm's partners and collaborators. #LI-PD1