Senior Software Security Engineer

USA-CA - Promontory E

Applications have closed

Broadcom

Broadcom Inc. is a global technology leader that designs, develops and supplies a broad range of semiconductor, enterprise software and security solutions.

Please Note:

1. If you are a first-time user, please create your candidate login account before you apply for a job. (Click Sign In > Create Account)

2. If you already have a Candidate Account, please Sign-In before you apply.

Job Description:

About the Role:

We are seeking an experienced Senior Product Security Engineer to help safeguard our products and ensure they are resilient to emerging security threats. This role is pivotal in embedding security throughout the software development lifecycle, performing thorough attack surface analysis, and implementing effective threat models. As a key member of our product security team, you will work cross-functionally with engineering, development, and operations teams to secure products in the Application Networking and Security Division (ANS) of Broadcom.

Responsibilities:
  • Threat Modeling: Develop and maintain detailed threat models for new and existing products to proactively identify and mitigate potential vulnerabilities.
  • Attack Surface Analysis: Conduct attack surface assessments, identifying security flaws, design weaknesses, and potential entry points for adversaries.
  • Secure Software Development: Help ensure secure coding practices are embraced and followed by the development teams.
  • Security Testing: Collaborate with quality assurance and development teams to integrate and automate security testing within CI/CD pipelines.
  • Security Awareness: Provide training, mentoring, and guidance to developers and other stakeholders on secure coding practices and potential security risks.
  • Incident Response Support: Contribute to incident response efforts by providing product expertise and participating in security investigations and forensic analysis as needed.

Requirements:

Education/Experience:

  • Bachelor's degree in computer science or related field and 12+ years of software development experience, or a Master's degree in computer science or related field and 10+ years of software development experience.
  • 5+ years of relevant experience in product security, secure software development, and/or related fields.

Technical Skills:

  • Deep understanding of Secure Software Development Lifecycle (SSDLC) practices, secure coding principles, and experience in threat modeling.
  • Proficient in conducting attack surface analysis and implementing effective security controls.
  • Experience with security testing tools (e.g., SAST, DAST, IAST) and familiarity with CI/CD security practices.

Knowledge:

  • Strong grasp of security standards and frameworks, including OWASP, NIST, and ISO 27001.
  • Collaboration: Excellent communication skills and a collaborative mindset, with experience working across engineering, product, and security teams.
  • Certifications (preferred): Relevant certifications such as CISSP, CEH, OSCP, or CSSLP are a plus.

Why Join Us?

This is a unique opportunity to join a talented team that values innovation and the importance of building secure, robust, and resilient Data Center Security products.

Additional Job Description:

Compensation and Benefits

The annual base salary range for this position is $141,000 - $225,000.

This position is also eligible for a discretionary annual bonus in accordance with relevant plan documents, and equity in accordance with equity plan documents and equity award agreements.

Broadcom offers a competitive and comprehensive benefits package: Medical, dental and vision plans, 401(K) participation including company matching, Employee Stock Purchase Program (ESPP), Employee Assistance Program (EAP), company paid holidays, paid sick leave and vacation time. The company follows all applicable laws for Paid Family Leave and other leaves of absence.

Broadcom is proud to be an equal opportunity employer.  We will consider qualified applicants without regard to race, color, creed, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability status, medical condition, pregnancy, protected veteran status or any other characteristic protected by federal, state, or local law.  We will also consider qualified applicants with arrest and conviction records consistent with local law.

If you are located outside the USA, please be sure to fill out a home address as this will be used for future correspondence.

Tags: CEH CI/CD CISSP Computer Science CSSLP DAST IAST Incident response ISO 27001 NIST OSCP OWASP Product security SAST SDLC SSDLC Vulnerabilities

Perks/benefits: Career development Competitive pay Equity / stock options Health care Medical leave Salary bonus Signing bonus

Region: North America
Country: United States