Principal Security Engineer - Product
Are you interested in joining an organization where you can impact security for robotics and IoT? As a Principal Security Engineer - Product, you will support the SharkNinja Robotics Engineering organization from a security perspective. This role will work with the Robotics team to enhance the product security development program and assist the team in continuing to build security into products and services. The ideal candidate has deep security and systems knowledge and experience and has worked with cloud, mobile, and/or embedded/IoT device ecosystems in a fast-paced agile and cross-functional environment.
This is a highly technical role, split 60% product security engineer/advisor and 40% process and security program owner. The role is a contributing team member who reports into the security team and is embedded with product teams to build a product security program that delivers products and experiences with security built in from concept phase to use by consumers.
Responsibilities
· Engage with product teams as both advisor and contributing team member to enable building security into complex systems across the entire product lifecycle (from concept through deployment and operations).
· Lead and train developers and testers in security activities during the lifecycle, such as secure design reviews/threat modeling, security code reviews, security test planning, and component security hardening, to identify potential security weaknesses.
· Elevate application, system and data security capabilities in the product engineering community through the creation, implementation, and execution of specifications, guidelines, SOPs, policies and best practices.
· Assist, from a security perspective, in the design and implementation reviews of embedded firmware, software, and customer-facing cloud infrastructure.
· Review existing architecture, identify design gaps, and recommend security enhancements.
· Design computer security architecture and develop detailed cyber security designs.
· Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
Qualifications
· Years of experience: 6+
· Familiarity with consumer IoT (Internet of Things), plus secure software, data and SDLC experience (e.g. MS SDL, OpenSAMM, FOSSID, CMMI-DevSecure)
· Demonstrable knowledge and experience in one or more of the following areas:
o System security engineering
o Embedded device security
o Security Testing / Penetration Testing
o Mobile / Cloud application security
· Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP Top 10, CERT Secure Coding Standards and data privacy standards.
· Experience leading secure architecture, design, and code reviews
· Direct RTOS development experience in languages including C/C++ (x86 or ARM), Python, and Java; Go or Swift experience desirable
· Familiarity with security vulnerability detection and security test automation tools such as Veracode, Checkmarx, Klocwork, etc.
· Must understand and be able to deliver security concepts and challenges to various levels within the organization.
Desired Skills
· Certified Software Security Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP) certification, SANS GIAC Certified Penetration Tester (GPEN) or equivalent certification
· Knowledge of CI/CD tools and practices
· Experience in waterfall and Agile development methodologies
· Prior or current involvement in industry security initiatives such as ISO, BSIMM, Cloud Security Alliance, or any open source project related to security
At SharkNinja, our purpose is to positively impact people’s lives every day in every home around the world. We work very hard to provide our consumers with high quality, exciting 5-star products that make life easier. We thrive on passion and innovation, and are looking for great people, with great ideas, who want to create the next big thing. We take a team approach to our projects, where everyone has a voice. We want individuals to push limits, look outside the box and think the unthinkable. With the explosive growth we have been experiencing, we’re looking for motivated individuals to join us on our exciting journey. People need to think big, move fast and want to make a significant impact. Are you ready?