Product Security Software Engineer- Central Software

To operate in complex real-world environments, Boston Dynamics robots must work together, connected to customer networks and cloud-hosted Boston Dynamics services. As a Product Security Engineer, you will work alongside our robot and software teams to implement solutions which secure our robots, applications, and cloud services. 

This role is hands-on.  It combines your technical security expertise and your ability to communicate and influence, all working to keep Boston Dynamics shipping highly secured products.   You’ll work across a wide spectrum of needs -- defining policies and requirements, architecting security systems, and implementing technical security mechanisms.

Examples of some of our teams’ recent security work includes deployment and review of our SSO implementation in our cloud-hosted and on-prem products, development of data protection standards, and authentication schemes supporting our robots’ needs. 

How you will make an impact:

• Develop and evolve security requirements for Boston Dynamics’ products, including cloud-hosted applications, embedded web apps, and backend systems. Work through the entire design and development lifecycle.

• Design and review technical architectures and guide security strategy for Boston Dynamics’ cloud-based applications.

• Develop and oversee security operations practices, while collaborating with DevOps and engineering teams to implement security operations.

• Remain informed on evolving cloud and web security standards and threats, while helping Boston Dynamics adapt to the threat and compliance landscape.

Qualifications:

• 5+ years experience as a product security engineer or architect focusing on cloud-based systems and web applications, or related ecosystems.

• Experience as an individual contributor using Terraform or similar infrastructure-as-code frameworks and Node.js or equivalent web application frameworks.

• Technical experience creating and shipping security solutions involving cloud environments and web applications.  

• Experience with and strong understanding of a wide set of relevant technical tasks, such as: code audits, threat modeling, application hardening, code hardening, container and image dependency management, vulnerability management, etc.

• Foundational knowledge of network security principles, cloud security principles, and cloud security implementation, including experience with security offerings provided by Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure.

• Foundational knowledge of web application security principles, including topics such as authentication and authorization, single-sign on and OAuth, database security, defenses against common web security vulnerabilities such as CSRF and XSS, and OWASP web security guidelines.

• Knowledge of Linux operating system security principles.

• Experience with product and data security assessments like SOC 2 and the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).

• Experience implementing security operations for cloud-based infrastructure, including use of tools such as AWS GuardDuty (or equivalent) and Wiz (or equivalent cloud security posture monitoring tool)

• Ability to communicate effectively with technical and non-technical audiences, including writing documentation, proposals, specifications, design docs, and threat analyses.

We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to sponsor visas for this position.

Boston Dynamics will never ask you to divulge your personal financial or account information as part of its recruiting process.

#LI-JM1