Principal Product Security Engineer

Location: US-Remote

Our Team:

Semtech's Product Security team is a group of passionate and talented security professionals tasked to support product development teams in the creation of high-quality products that are secure by design. We ensure our customers and partners feel comfortable deploying our products, knowing security is an integral part of the development process. We are expanding a versatile and exceptionally talented team of individuals to make this vision a reality.

Job Summary:

The Principal Product Security Engineer will support Semtech's Business Units with product security initiatives. The ideal candidate will support creating high-quality, security focused products by providing product development teams with the necessary support, subject matter expertise, requirements validation, tools, training and assistance. This role also assists the office of the CTO in conceptualizing, developing and commercializing technologies to shape the technical future of the organization.

Responsibilities:

• Lead the development of product security requirements for applications, infrastructure, cloud, and/or other products, and participate in the full lifecycle of product design in all business units.

• Assess, identify, develop threat models and provide recommendations with the explicit purpose of influencing design decisions to address the likely threats to a product's security and resilience.

• Design and implement security solutions that support overall product security in all business units.

• Conduct manual and automated security testing of applications, infrastructure, cloud, and/or other platforms to discover security vulnerabilities.

• Review and learn new Semtech technologies/products quickly and assess them from a security perspective.

• Evaluate cloud architectures, configurations, and processes comprehensively.

• Provide technical leadership and guidance to technology teams involved in cloud projects.

• Foster a culture of collaboration and knowledge sharing across the organization.

• Build key relationships between BUs and functions involving key stakeholders while conducting interviews, surveys, and workshops to gather necessary input regarding their needs, expectations, and concerns.

• Provide assistance and support for ISO certifications, including ISO 27001, ISO 9001, and ISO 22301, contributing to the implementation and maintenance of compliance efforts.

• Lead incident management activities, coordinating responses to security incidents or breaches in products both from internal and external reported sources, and implementing corrective measures.

• Demonstrate proficiency in firmware, with a preference for experience in hardware and module devices, including IoT modules and router devices.

• Provide guidance to business units on security best practices in the cloud, applications, and infrastructure.

• Support the MVNO and associated telecom business units on product security.

• Support the research and implementation of robust secure encryption and protection mechanisms.

• Oversee penetration testing activities to identify and address reported security vulnerabilities.

• Assist with the design and adoption of security measures in IoT products and components, including protocols such as TLS, SSH and Lightweight M2M.

Minimum Qualifications:

• Bachelor's degree in computer science, a related field, or relevant work experience.

• Minimum 10 years' experience working in information/cyber security with an emphasis on product security.

• Experienced working with embedded hardware systems and their respective security considerations.

• Knowledgeable of cryptographic standards and how they are applied to ensure robust product security.

• Knowledge of major cloud platforms (with specific concentration on AWS) and cloud-native technologies.

• Experienced in tracking to remediation application, infrastructure, chip, cloud and other security vulnerabilities.

• Telco stack knowledge, including HLR/HSS, P-Gateway and 2G-4G mobile core protocols, is desirable.

• Strong analytical and problem-solving skills.

• Demonstrated understanding of common security threats and vulnerabilities.

• Skilled in architecting software solutions using a variety of architectural patterns such as Microservices, Monolithic and serverless tailored to project requirements and scalability needs.

• Certified Information Systems Security Professional (CISSP)

Desired Qualifications

• AWS Certified Cloud Practitioner

• AWS Certified Solutions Architect

• Working knowledge of TOGAF enterprise architecture framework

• Dynamic and detail-oriented with a solid background in software development, proficient in Python, C++ and Java.

The intent of this job description is to describe the major duties and responsibilities performed by incumbents of this job. Incumbents may be required to perform job-related tasks other than those specifically included in this description.

All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities.

We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace.

A reasonable estimate of the pay range for this position is $121,000 - $190,300. There are several factors taken into consideration in determining base salary, including but not limited to: job-related qualifications, skills, education and experience, as well as job location and the value of other elements of an employee's total compensation package.