Product Security Software Engineer (Embedded Software)

You know the moment. It’s the first notes of that song you love, the intro to your favorite movie, or simply the sound of someone you love saying “hello.” It’s in these moments that sound matters most. 

At Bose, we believe sound is the most powerful force on earth. We’ve dedicated ourselves to improving it for nearly 60 years. And we’re passionate down to our bones about making whatever you’re listening to a little more magical. 

The engineering team at Bose is a thriving, passionate, deeply skilled team of professionals from a broad range of disciplines and experiences, who share a common goal—to create products that provide transformative sound experiences.

Job Description

At Bose, we've spent over 50 years finding new ways to bring quality audio and simplicity to people -- in their home, on the go, or wherever music is enjoyed. The Consumer Software team is passionate about bringing these values to wherever you listen to music or watch TV.  We want to be there providing a premium polished experience, with awesome sound, in the home and on the go! 

 

Consumer audio consists of headphones, earbuds, sound bars and speakers. Securing these products poses an exciting challenge to protect both consumers and the company. With new products launching every year, there is a constant need to ensure security in our on-the-go and in-the-home platforms. The Bose Software Organization is looking to hire an additional firmware engineer to support the security initiatives for our consumer electronics products. 

Are you ready to join us make the most secure, best sounding products? The right candidate is obsessed with the fine details of security to offer a flawless experience, with astonishing lifelike sound in a product our customers can trust and is committed to motivating an interdisciplinary team to bring the newest security technology. 

Day to Day Responsibilities: 

• Contribute security features and patches to multiple product codebases.  

• Design, develop and test internal applications for key management and cryptography 

• Code independently with minimal oversight and design system architecture with guidance 

• Be a stakeholder on interdisciplinary teams advocating for security 

• Advising engineering peers on security matters in the form of architectural guidance, code/design reviews, and solution development 

• Performing security testing on products and implementing or guiding fixes. 

• Work with many teams beyond firmware including DevOps, cloud app development, info sec, electrical engineering, manufacturing and program management. 

• Independently identifies potential security enhancement opportunities, by proactively looking for and reporting security and quality issues 

Technical Skills: 

• Experience developing for embedded systems and Linux platforms in C, C++ 

• Linux system security hardening techniques 

• Strong knowledge of cryptographic theory and engineering including encryption, hashing, signing, digital certificates and hardware security modules (HSMs) 

• Building internal security applications with cryptographic guarantees such as firmware encryption and signing, custom developer enablement tools, secure asset provisioning, etc. 

• Experience mitigating dependency or code-level defects including memory-management issues, input validation, timing attacks, broken authentication, side channels. 

• Experience with computer networking with a focus on security and IOT applications 

Nice to Have: 

• Experience participating or leading threat modeling sessions.  

• Experience with developing consumer facing products that interact with mobile apps or cloud/web backends 

• Experience with Go, Python and Bash 

• Experience with risk management frameworks, risk quantification and processes 

• Experience integrating security tools and applications into DevOps pipelines. 

• Experience with trusted-enclave applications such as ARM TrustZone 

• Knowledge and implementation experience of chip-level security capabilities including encryption, secure boot and authenticated unlocking 

• Experience with source code management and DevOps tools (Git, Confluence, Jira, Conan, Jenkins, etc.) 

 

Education & Experience: 

A bachelor's degree in computer science, computer engineering, electrical engineering or a related field with sufficient domain experience. A master’s degree is beneficial. 

6 or more years of industry experience working in firmware development with a focus on security. An advanced degree can contribute towards experience. 

Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. For additional information, please review: (1) the EEO is the Law Poster (http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf); and (2) its Supplements (http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm). Please note, the company's pay transparency is available at http://www.dol.gov/ofccp/pdf/EO13665_PrescribedNondiscriminationPostingLanguage_JRFQA508c.pdf. Bose is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the application or employment process, please send an e-mail to Wellbeing@bose.com and let us know the nature of your request and your contact information.

Our goal is to create an atmosphere where every candidate feels supported and empowered in the interviewing process. Diversity and inclusion are integral to our success, and we believe that providing reasonable accommodation is not only a legal obligation but also a fundamental aspect of our commitment to being an employer of choice. We recognize that individuals may have different needs and requirements based on their abilities, and we provide reasonable accommodations to ensure ideal conditions are met during the application process.

If you believe you need a reasonable accommodation, please send a note to wellbeing@bose.com