Senior Device Security Engineer
Location: Remote PolandOur Video Collaboration products help companies stay connected and can be found in the conference rooms of some of the biggest businesses in the world. We are a small nimble group and we are growing our team. We create amazing experiences in the conference room using creative design, surprising science, and innovation. We love what we do because we are passionate about connecting people and we use the products we create every day to stay connected to our team.
We are looking for a Senior Device Security engineer who is interested in working across the entire technology stack; from device hardware, firmware, through mobile applications, communication protocols, and into back-end cloud software and infrastructure. We don't require 'full stack experience', but we do expect you to be a subject matter expert in at least one area.
Ideal candidates can come from many different backgrounds — you may be a software engineer who is passionate about security, a bug bounty researcher, have already worked in product security teams, or you've had experience working as a security consultant.
Product Security goes beyond finding and eliminating security vulnerabilities in our products; we want to stop them occurring in the first place. As a team, we're passionate about root cause analysis; training and awareness; driving security in product road maps; and improving on core frameworks, infrastructure or detection tooling.
RESPONSIBILITIES
Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. Leave your egoat the door when you come to work every day. These are the behaviors you'll need for success at Logitech. Inthis role you will be responsible for:
●Drive security best practices within the team
●Develop and manage build signing with production keys across all product lines
●Own and maintain Static code analysis tools, Software composition analysis and other relevant tools for security
●Partner with external security firms on pen-testing and other security services
●Configure current systems for highest level of security
●Continuously monitor systems security as new builds roll off and recommend/drive corrections, as needed
SKILLS
MUST
▪ Expertise in programming languages like Java, C, C++, Kotlin etc
▪ Deep knowledge of PKI namely, ciphers like AES, 3DES, hash functions like MD5, SHA-1, 2, 3,
cryptography like RSA, DSA, ECC
▪ Have worked with signing infrastructure like primekey for signing Android/Linux binaries
▪ Advanced knowledge of creating various device/client certificates with openssl and established
root-of-trust
▪ Have worked on securing device identity with factory key provisioning, device data confidentiality with
enabling disk-encryption, device integrity with secure boot/e-fuse, device attestation support with
keybox, on mobile SOCs like Qualcomm, MediaTek, NxP and others
▪ Configuring security policies on Android for SE-Linux for various applications/services/processes.
▪ Advanced knowledge of Android application sandboxing and secure data sharing between different
apps and services
▪ Have supported all aspects of device security on at least one commercial device
▪ Understand the tradeoff between security and ease-of-use/support
▪ Demonstrable experience with tailoring the security requirements in support of a device's or
company's privacy goals.
▪ Advanced knowledge of revision control and code review tools like git, gerrit and build infrastructure like gradle, maven, jenkins
NICE TO HAVE
● Security assessment methodologies
○ Code comprehension in two or more languages (e.g. Java, C/C++, Kotlin)
○ Developing and running scripts for automated static code analysis and worked with tools like
Klocwork, Coverity etc
○ Common security flaws in two or more modern tech stacks. For example:
■ Android mobile applications/frameworks
■ Linux
■ Cloud connected Services
■ OTA
● Security by design
○ Threat modelling (e.g. STRIDE, DREAD, etc.)
○ Securing IOT devices/appliances
● Scripting & Automation
○ Ability to automate common tasks in Python
● Device Security Validation
○ Have taken a device through penetration testing with external security partners
○ Worked with various stakeholders to mitigate threats found in penetration testing
○ Continue to drive security post production
CAREER AND PROFESSIONAL DEVELOPMENT- Competitive salary
- Luxoft Training Center
- Access to e-learning Library
- Individual development plans
- Long-term cooperation with possibility to gain experience in different projects and technologies
- A significant number of professional communities (Agile Community, Tech Community, Business Analysis Community, etc.)
- Group Life Insurance
- Private healthcare insurance – LuxMed. Unlimited access to specialist consultations with Dental Care included
- Medical costs reimbursement for employees (up to certain amount per quarter)
- Travel Insurance
- Benefit Program - Cafeteria and Multisport Card
- Various communities (sport, recreation activities, trips, board games, cultural and educational activities)
- Discounts program for employees – BeLux (banking offer, car leasing offer and cafeteria program discount)
- Convenient locations in a modern offices with game rooms
- Multinational projects for clients all over the world
Check out our open roles at career.luxoft.com
and follow us on Facebook!
www.facebook.com/luxoft.poland