Senior Software Security Engineer
USA-CA - Promontory E
Broadcom
Broadcom Inc. is a global technology leader that designs, develops and supplies a broad range of semiconductor, enterprise software and security solutions.
Please Note:
1. If you are a first time user, please create your candidate login account before you apply for a job. (Click Sign In > Create Account)
2. If you already have a Candidate Account, please Sign-In before you apply.
Job Description:
About the Role:
We are seeking an experienced Senior Product Security Engineer to help safeguard our products and ensure they are resilient to emerging security threats. This role is pivotal in embedding security throughout the software development lifecycle, performing thorough attack surface analysis, and implementing effective threat models. As a key member of our product security team, you will work cross-functionally with engineering, development, and operations teams to secure products in the Application Networking and Security Division (ANS) of Broadcom.
Responsibilities:
- Threat Modeling: Develop and maintain detailed threat models for new and existing products to proactively identify and mitigate potential vulnerabilities.
- Attack Surface Analysis: Conduct attack surface assessments, identifying security flaws, design weaknesses, and potential entry points for adversaries.
- Secure Software Development: Help ensure secure coding practices are embraced and followed by the development teams.
- Security Testing: Collaborate with quality assurance and development teams to integrate and automate security testing within CI/CD pipelines.
- Security Awareness: Provide training, mentoring, and guidance to developers and other stakeholders on secure coding practices and potential security risks.
- Incident Response Support: Contribute to incident response efforts by providing product expertise and participating in security investigations and forensic analysis as needed.
Education/Experience:
- Bachelor's degree in computer science or related field and 12+ years of software development experience, or a Master's degree in computer science or related field and 10+ years of software development experience.
- 5+ years of relevant experience in product security, secure software development, and/or related fields.
Technical Skills:
- Deep understanding of Secure Software Development Lifecycle (SSDLC) practices, secure coding principles, and experience in threat modeling.
- Proficient in conducting attack surface analysis and implementing effective security controls.
- Experience with security testing tools (e.g., SAST, DAST, IAST) and familiarity with CI/CD security practices.
Knowledge:
- Strong grasp of security standards and frameworks, including OWASP, NIST, and ISO 27001.
- Collaboration: Excellent communication skills and a collaborative mindset, with experience working across engineering, product, and security teams.
- Certifications (preferred): Relevant certifications such as CISSP, CEH, OSCP, or CSSLP are a plus.
This is a unique opportunity to join a talented team that values innovation and the importance of building secure, robust, and resilient Data Center Security products.
Additional Job Description:
Compensation and Benefits
The annual base salary range for this position is $141,000 - $225,000.
This position is also eligible for a discretionary annual bonus in accordance with relevant plan documents, and equity in accordance with equity plan documents and equity award agreements.
Broadcom offers a competitive and comprehensive benefits package: Medical, dental and vision plans, 401(K) participation including company matching, Employee Stock Purchase Program (ESPP), Employee Assistance Program (EAP), company paid holidays, paid sick leave and vacation time. The company follows all applicable laws for Paid Family Leave and other leaves of absence.
Broadcom is proud to be an equal opportunity employer. We will consider qualified applicants without regard to race, color, creed, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability status, medical condition, pregnancy, protected veteran status or any other characteristic protected by federal, state, or local law. We will also consider qualified applicants with arrest and conviction records consistent with local law.
If you are located outside the USA, please be sure to fill out a home address, as this will be used for future correspondence.
Tags: CEH CI/CD CISSP Computer Science CSSLP DAST IAST Incident response ISO 27001 NIST OSCP OWASP Product security SAST SDLC SSDLC Vulnerabilities
Perks/benefits: Career development Competitive pay Equity / stock options Health care Medical leave Salary bonus Signing bonus