Product Security Engineer

Overview

Company:Qualcomm Technologies, Inc.

Job Area:Engineering Group, Engineering Group > Product Security Engineering

Job Overview:

Qualcomm is a company of inventors that unlocked 5G ushering in an age of rapid acceleration in connectivity and new possibilities that will transform industries, create jobs, and enrich lives. But this is just the beginning. It takes inventive minds with diverse skills, backgrounds, and cultures to transform 5Gs potential into world-changing technologies and products. This is the Invention Age – and this is where you come in.

GENERAL SUMMARY

Wireless security focus on the security of protocols and implementations of wireless communication stacks, including 3GPP (2-5G), Wifi, Bluetooth, etc.Systems security focus on threat modeling, architectural security design, platform hardening, and cryptographic engineeringSoftware security focus on vulnerability analysis, code review, static analysis, security testing/fuzzing, exploitation techniques and mitigationsHardware security focus on hardware access control, secure debug, secure provisioning, hardware vulnerability detection and side channel attack mitigations Candidates can choose a specific focus area. In general, job function includes performing security assessment on Qualcomm products, detecting and mitigating security vulnerabilities and risks, responding to product security incidents, assisting customers and partners on product security related issues, conducting research and prototyping on advanced vulnerability detection methods, countermeasures, platform hardening techniques, and system level security improvement. All Qualcomm employees are expected to actively support diversity on their teams, and in the Company.Minimum QualificationsBachelor’s degree in Engineering, Information Systems, Computer Science, or related field.2+ years Product Security experience (may include risk assessment, vulnerability detection, etc.) or related work experience.Preferred QualificationsThreat modeling on mobile and embedded devicesSecure code review, analysis and vulnerability assessmentSecurity testing, e.g. fuzzing and pen-testingApplied cryptography and security protocols such as TLS, PKI, PKCS, etc.Product security incident response in mobile, IoT or automotive industryBinary analysis and malware/exploit reverse engineeringOperating system security and hypervisor securityTrusted execution environmentMobile platform security such as AndroidExploit mitigation techniquesHardware security including access control, secure debug, side channel attacksAutomotive securityWireless communication systems and protocols (3GPP standards, Wifi, Bluetooth, etc.)CPU microarchitecture including cache, pipelining, out of order execution, etc.Internals of mobile or embedded operating systemsElectronic systems in automotive productsTeamwork across various teams and geolocationsEffective communications and influenceTime management and get things donePHYSICAL REQUIREMENTS:Frequently transports between offices, buildings, and campuses up to ½ mile.Frequently transports and installs equipment up to 5 lbs.Performs required tasks at various heights (e.g., standing or sitting).Monitors and utilizes computers and test equipment for more than 6 hours a day.Continuous communication which includes the comprehension of information with colleagues, customers, and vendors both in person and remotely.

Wireless security focus on the security of protocols and implementations of wireless communication stacks, including 3GPP (2-5G), Wifi, Bluetooth, etc. Systems security focus on threat modeling, architectural security design, platform hardening, and cryptographic engineering Software security focus on vulnerability analysis, code review, static analysis, security testing/fuzzing, exploitation techniques and mitigations Hardware security focus on hardware access control, secure debug, secure provisioning, hardware vulnerability detection and side channel attack mitigations

Candidates can choose a specific focus area. In general, job function includes performing security assessment on Qualcomm products, detecting and mitigating security vulnerabilities and risks, responding to product security incidents, assisting customers and partners on product security related issues, conducting research and prototyping on advanced vulnerability detection methods, countermeasures, platform hardening techniques, and system level security improvement.

All Qualcomm employees are expected to actively support diversity on their teams, and in the Company.

Minimum Qualifications

+ Bachelor’s degree in Engineering, Information Systems, Computer Science, or related field.

+ 2+ years Product Security experience (may include risk assessment, vulnerability detection, etc.) or related work experience.

Preferred Qualifications

+ Threat modeling on mobile and embedded devices

+ Secure code review, analysis and vulnerability assessment

+ Security testing, e.g. fuzzing and pen-testing

+ Applied cryptography and security protocols such as TLS, PKI, PKCS, etc.

+ Product security incident response in mobile, IoT or automotive industry

+ Binary analysis and malware/exploit reverse engineering

+ Operating system security and hypervisor security

+ Trusted execution environment

+ Mobile platform security such as Android

+ Exploit mitigation techniques

+ Hardware security including access control, secure debug, side channel attacks

+ Automotive security

+ Wireless communication systems and protocols (3GPP standards, Wifi, Bluetooth, etc.)

+ CPU microarchitecture including cache, pipelining, out of order execution, etc.

+ Internals of mobile or embedded operating systems

+ Electronic systems in automotive products

+ Teamwork across various teams and geolocations

+ Effective communications and influence

+ Time management and get things done

PHYSICAL REQUIREMENTS:

+ Frequently transports between offices, buildings, and campuses up to ½ mile.

+ Frequently transports and installs equipment up to 5 lbs.

+ Performs required tasks at various heights (e.g., standing or sitting).

+ Monitors and utilizes computers and test equipment for more than 6 hours a day.

+ Continuous communication which includes the comprehension of information with colleagues, customers, and vendors both in person and remotely.

Minimum Qualifications

Education:

Bachelors – Computer Science, Bachelors – Engineering, Bachelors – Information Systems

Work Experiences:

2+ years Product Security experience (may include risk assessment, vulnerability detection, etc.) or related work experience.

Certifications:

Skills:

Preferred Qualifications

Education:

Work Experiences:

Certifications:

Skills:

Fuzzing, Hardware Security Modules, Reverse Engineering, Secure Code, Software Testing Tools

Applicants: If you are an individual with a disability and need an accommodation during the application/hiring process, please call Qualcomm’s toll-free number found here (https://qualcomm.service-now.com/hrpublic?id=hr_public_article_view&sysparm_article=KB0039028) for assistance. Qualcomm will provide reasonable accommodations, upon request, to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. Qualcomm is an equal opportunity employer and supports workforce diversity.

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications.

EEO Employer: Qualcomm is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or any other protected classification.

If you would like more information about this role, please contact Qualcomm Careers (http://www.qualcomm.com/contact/corporate) .

We are engineers, scientists and business strategists. We are from many different countries and speak many different languages. We come from diverse cultures and have unique perspectives. Together, we focus on a single goal—we invent breakthrough technologies that transform how the world connects, computes, and communicates.

Employment Notices for US-based Job Postings

Equal Employment Opportunity (https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf)

“EEO is the Law” Poster Supplement

Pay Transparency NonDiscrimination Provision (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)

Employee Polygraph Protection Act

Family Medical Leave Act (https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/fmlaen.pdf)

Rights of Pregnant Employees

Discrimination and Harassment (https://www.dfeh.ca.gov/wp-content/uploads/sites/32/2020/10/Workplace-Discrimination-Poster_ENG.pdf)

California Family Rights Act

Prepare and succeed

Qualcomm Interview FAQs (https://www.qualcomm.com/company/careers/faqs)

Employment Fraud Alert

We have received reports of employment scams that seek financial or personal information from job candidates. Please note these communications are fraudulent. Click here (https://www.qualcomm.com/employment-fraud-alert) to view our Employment Fraud Alert.