Principal Software Security Engineer

Job Requisition ID #

24WD84018

Position Overview

Do you like computers? Do you like software? Do you enjoy dismantling code/devices/cars/and more? Do you love humans and want to protect them from computer criminals and themselves? Ever read 2600? Phrack? Did you collect all the BlackBadgeRaffle TCG cards at DEFCON32? Then have we got something for you... 

 

At Autodesk, we help improve the designed and built world and make the world a little better with each project. We are committed to building software that empowers our customers to build more energy efficient, low-carbon-footprint buildings. We are leading the transformation of the Architecture, Engineering, and Construction fields by integrating AI technology into our products and building the industry’s first data-driven-connected platform. Autodesk is establishing itself as the Trusted Partner in the AEC industry. 

 

Wouldn’t you love to be a part of this? 

Better yet, wouldn’t you love to help keep it all safe and secure!? 

 

Here is your opportunity! 

 

Autodesk is looking for a Principal Product Security Engineer to join us on our journey to revolutionize the AEC industry. In this role, you will add your Offensive Security expertise to a team of passionate and driven technologists. You will be given opportunities to help uncover important security improvements in our products and identify creative ways to improve our systems, processes, and practices. You will have the flexibility to engage across multiple teams and geographies, providing your support, insight, and advice as they work through vulnerability remediation. You will be able to improve the vulnerability and 0-day response processes. You will own and mature the SSDLC (Secure Software Development Lifecycle) across AEC teams. Throughout the year, you will have the ability to attend various Security Conferences and training sessions to sharpen your skills and bring back new ideas, techniques, and approaches. 

Responsibilities 

• Work with the Senior Distinguished Architect, Trust; to document, maintain, and improve the AEC Secure Software Development Lifecycle 

• Work with the Trust Organization in various Security Vulnerability Management and 0-day response capacities 

• Manage and mature the AEC security vulnerability and DoD response processes 

• Act as primary point of contact for AEC 0-day reports and assist in engaging Researchers and Engineers 

• Proactively fuzz, research, and investigate AEC Products and Processes for Security issues and improvements 

• Support all AEC Security incident BPM processes 

• Assist engineering teams in secure code development through expertise 

• Help with setting up policies, procedures, and standards to improve Security Posture 

• Engage with AEC engineers to establish training, awareness resources, and other mechanisms to dramatically improve the security of AEC products 

• Partner with other engineers across the company to share Software Security practices, lessons learned, and improve transparency and efficiency 

• Own the various Security metadata components within the Software Catalog, including creation, naming, and maintaining 

• Attend Trust meetings across the AEC organization (bi-weekly, monthly, and quarterly) 

• Attend industry events and other conventions/conferences to gather new Software Security techniques and to continuously improve this roles’ impact 

  

Minimum Qualifications 

• BS or MS or Equivalent Experience in Cybersecurity/Computer Science (or related technical field) 

• 5+ years of hands-on Offensive Security experience or 7+ years of a mix 

• Experience with Offensive Security tools, techniques, and methodologies  

• Experience working with programming languages (Eg. C, C++, C#, Rust, Go, Javascript, Java, Python, Perl, PHP, TypeScript...) 

• Experience collaborating with cross-organizational teams   

  

Preferred Qualifications 

• Experience with writing reports and communicating complex security concepts to technical personnel 

• Familiarity with modern software practices including Continuous Integration, Continuous Delivery, and Infrastructure-as-Code 

• Familiarity with Security Disciplines outside of Offensive Security (Privacy, GRC, Blue Teaming, Awareness)  

• Familiarity with authentication/authorization using OAuth2.0, OICD, SPIFFE, FIDO2, etc. 

• Familiarity with large-scale distributed systems, containing hybrid applications across desktop, mobile, and web

• Experience in the AEC industry or other regulated industry 

 

The Ideal Candidate 

• Easily collaborates with other members of a team to deliver value 

• Constantly strives to learn new technologies and methodologies 

• Is adaptable, customer-focused, and seek new ways to solve hard problems 

• Is transparent and work in an open sharing manner, leveraging automation 

#LI-DH1

Learn More

About Autodesk

Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.

 

We take great pride in our culture here at Autodesk – our Culture Code is at the core of everything we do. Our values and ways of working help our people thrive and realize their potential, which leads to even better outcomes for our customers.

 

When you’re an Autodesker, you can be your whole, authentic self and do meaningful work that helps build a better future for all. Ready to shape the world and your future? Join us!

Benefits

From health and financial benefits to time away and everyday wellness, we give Autodeskers the best, so they can do their best work. Learn more about our benefits in the U.S. by visiting https://benefits.autodesk.com/

Salary transparency

Salary is one part of Autodesk’s competitive compensation package. For U.S.-based roles, we expect a starting base salary between $138,100 and $223,300. Offers are based on the candidate’s experience and geographic location, and may exceed this range. In addition to base salaries, we also have a significant emphasis on annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.

Equal Employment Opportunity

At Autodesk, we're building a diverse workplace and an inclusive culture to give more people the chance to imagine, design, and make a better world. Autodesk is proud to be an equal opportunity employer and considers all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender, gender identity, national origin, disability, veteran status or any other legally protected characteristic. We also consider for employment all qualified applicants regardless of criminal histories, consistent with applicable law.

Diversity & Belonging

We take pride in cultivating a culture of belonging and an equitable workplace where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belonging

Are you an existing contractor or consultant with Autodesk?

Please search for open jobs and apply internally (not on this external site).