Senior Device Security Engineer
Logitech is the sweet spot for people who are passionate about products, making a mark, and having fun doing it. As a company, we’re small and flexible enough for every person to take initiative and make things happen. But we’re big enough in our portfolio, and reach, for those actions to have a global impact. That’s a pretty sweet spot to be in and we’re always striving to keep it that way.
What is the first thing you think of when I mention Logitech? If you are like most people, you are probably thinking keyboard, mouse and webcam. However, did you know that Logitech is the market leader in Video Collaboration (VC) equipment in the enterprise market? In fact, we sell more VC equipment than the next two competitors combined!
We are a fast paced, nimble group with a mission to make the Video Conferencing experience for the remote participant better than being physically in the conference room by using technologies such as Computer Vision/Machine Learning, Cloud Computing and Internet of Things (IoT). Our group is run like a startup, by people who have a track record of leading teams in other startups and/or top tier technology companies such as Netflix and Amazon and the results speak for themselves. Our group have consistently had mid to high double-digit growth over the past several years and the growth continues to accelerate
We are looking for talented engineers and leaders to join our growing team innovators and go-getters to deliver the next set of revolutionary products. Ideal candidates will exhibit a high degree of ownership, independent thinking, a die-hard, can do attitude with a burning desire to challenge and change the status quo.
Do you have what it takes to board this rocket ship and redefine an entire industry? If so, we can’t wait to talk to you and bring you on-board 🙂
The Role:
We are looking for a Senior Device Security Engineer who is interested in working across the entire technology stack; from device hardware, firmware, through mobile applications, communication protocols, and into back-end cloud software and infrastructure. We don’t require ‘full stack experience’, but we do expect you to be a subject matter expert in at least one area. Ideal candidates can come from many different backgrounds — you may be a software engineer who is passionate about security, a bug bounty researcher, have already worked in product security teams, or you’ve had experience working as a security consultant. Product Security goes beyond finding and eliminating security vulnerabilities in our products; we want to stop them occurring in the first place. As a team, we’re passionate about root cause analysis; training and awareness; driving security in product road maps; and improving on core frameworks, infrastructure or detection tooling.
Key Qualifications:
- Expertise in programming languages like Java, C, C++, Kotlin etc.
- Deep knowledge of PKI namely, ciphers like AES,3DES, hash functions like MD5, SHA-1,2,3, cryptography like RSA, DSA,ECC
- Advanced knowledge of creating various device/client certificates with openssl and established root-of-trust
- Have worked on securing device identity with factory key provisioning, device data confidentiality with enabling disk-encryption, device integrity with secure boot/e-fuse, device attestation support with keybox, on mobile SOCs like Qualcomm, MediaTek, NxP and others
- Configuring security policies on Android for SE-Linux for various applications/services/processes
- Advanced knowledge of Android application sandboxing and secure data sharing between different apps and services
- Have supported all aspects of device security on at least one commercial device
- Understand the tradeoff between security and ease-of-use/support
- Demonstrable experience with tailoring the security requirements in support of a device’s or company’s privacy goals
- Advanced knowledge of revision control and code review tools like git, gerrit and build infrastructure like gradle, maven, Jenkins
Preferred Skills:
- Security assessment methodologies
- Code comprehension in two or more languages (e.g. Java, C/C++,Kotlin)
- Developing and running scripts for automated static code analysis and worked with tools like Klocwork, Coverity etc
- Common security flaws in two or more modern tech stacks. For example:
Android mobile applications/frameworks
Linux
Cloud connected Services
OTA - Security by design
- Threat modelling (e.g. STRIDE, DREAD, etc.)
- Securing IOT devices/appliances - Scripting & Automation
- Ability to automate common tasks in - Device Security Validation
- Have taken a device through penetration testing with external security partners
- Worked with various stakeholders to mitigate threats found in penetration testing
- Continue to drive security post production
Education:
- BSBC, BSCE or equivalent with 5+ years of relevant experience required
All qualified applicants will receive consideration for employment without regard to race, sex, age, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
If you’d like to learn more about this position or apply, please reach out to Kacy today!