Security Architect

At Bose, security and stability are the two pillars of our product innovation. We are seeking for a Security Architect to support the security initiatives for our consumer electronics products. You will play a central role in product security, and have the ability to improve the product security program to meet higher level enterprise security objective. With new products launching every year, there is a constant need to ensure security in our on-the-go and in-the-home platforms. The ideal candidate has extensive secure software development experience in a fast-paced, agile product environment. Join our product security team to power the next wave of innovation at Bose.

As a Security Architect, you will work as an integral part of the Product Security team to embed security practices into every aspect of the secure development pipeline. Our development philosophy is to enable developers to write secure code faster. 

Responsibilities for this job include:

• Architecting and designing products to guarantee secure practices, data confidentiality, system integrity 
• Engineering and implementing ARM Trust Zone secure applets, implementing a cryptographic IOT device identity and root of trust
• Streamlining secrets, key management, cryptography, and credential management
• Defining Security requirements and conducting security assessments
• Advising engineering peers on security matters in the form of architectural guidance, code/design reviews, and solution development 
• Improving vulnerability discovery, patching process, and leading responses to external security threats
• Code independently with minimal oversight and design system architecture with guidance 
• Collaborating with cross-functional teams like Product firmware, DevOps, Cloud engineering, manufacturing, and program management.
• Performing security testing on products and supporting with the security fix implementations
• Designing and maintaining private X.509 and JWK chains of trust used for validating authenticity of portable audio devices 
• Stay up-to-date on security news, relevant technologies, plug into user groups, understand trends and security opportunities
• Be a stakeholder on interdisciplinary teams advocating for security 

• Experience developing for embedded systems and Linux platforms in C, C++ 
• Linux system security hardening techniques 
• Strong knowledge of cryptographic theory and engineering including encryption, hashing, signing, digital certificates and hardware security modules (HSMs) 
• Building internal security applications with cryptographic guarantees such as firmware encryption and signing, custom developer enablement tools, secure asset provisioning, etc. 
• Experience mitigating dependency or code-level defects including memory-management issues, input validation, timing attacks, broken authentication, side channels. 
• Experience with computer networking with a focus on security and IOT applications 
• Bachelor's degree in Computer Science, or equivalent. A master’s degree is beneficial

• 6 or more years of industry experience working in firmware development with a focus on security. An advanced degree can contribute towards experience

• Working with wicked smart, super cool people
• A business commitment to security, stability, and quality
• Competitive salary, benefits, and pension
• A culture of excellence, respect, opportunity and passion for innovation