Product Security Software Engineer- Central Software

To operate effectively in complex real-world environments, Boston Dynamics robots must collaborate seamlessly, connecting to customer networks and our cloud-hosted services. As a Product Security Engineer, you will partner with our robotics and software teams to implement solutions that secure our robots, applications, and cloud services.

This hands-on role blends technical security expertise with effective communication skills, contributing to the delivery of highly secure products. You will engage in a variety of tasks, including defining policies and requirements, architecting security systems, and implementing technical security mechanisms.

Examples of recent security initiatives by our teams include the deployment and review of our SSO implementation in both cloud-hosted and on-premises products, the development of data protection standards, and the creation of authentication schemes that support the needs of our robots.

Key Responsibilities:

• Develop and evolve security requirements for Boston Dynamics’ products, including cloud-hosted applications, embedded web apps, and backend systems, throughout the design and development lifecycle.

• Design and review technical architectures, guiding security strategy for cloud-based applications.

• Develop and oversee security operations practices, collaborating with DevOps and engineering teams to implement these practices effectively.

• Stay informed about evolving cloud and web security standards and threats, assisting Boston Dynamics in adapting to the threat and compliance landscape.

Qualifications:

• 5+ years of experience as a product security engineer or architect, focusing on cloud-based systems and web applications or related ecosystems.

• Experience as an individual contributor using Terraform or similar infrastructure-as-code frameworks and Node.js or equivalent web application frameworks.

• Technical experience in creating and deploying security solutions for cloud environments and web applications.

• Strong understanding of a wide range of relevant technical tasks, including code audits, threat modeling, application and code hardening, container and image dependency management, and vulnerability management.

• Foundational knowledge of network security principles, cloud security principles, and their implementation, with experience in security offerings from providers like Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure.

• Foundational knowledge of web application security principles, including authentication, authorization, single sign-on (SSO), database security, and defenses against common vulnerabilities like CSRF and XSS, as well as familiarity with OWASP web security guidelines.

• Knowledge of Linux operating system security principles.

• Experience with product and data security assessments, such as SOC 2 and the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).

• Experience in implementing security operations for cloud-based infrastructure, utilizing tools such as AWS GuardDuty (or equivalent) and Wiz (or equivalent cloud security posture monitoring tool).

• Ability to communicate effectively with both technical and non-technical audiences, including skills in writing documentation, proposals, specifications, design docs, and threat analyses.

This position does have the opportunity to be remote. 

We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to sponsor visas for this position.

#LI-J