R&D Principal Software Engineer - Security Response Engineering
R&D Principal Software Engineer - Security Response Engineering
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Please Note:
1. If you are a first time user please create your candidatelogin account before you apply for a job. (Click Sign In > Create Account)
2. If you already have a Candidate Account please Sign-In before you apply.
Job Description:
R&D Principal Software Engineer - Security Response Engineering
The Elevator Pitch: Why will you enjoy this new opportunity
Broadcom VMware Cloud Foundation (VCF) products and services are trusted by various organizations for their mission critical systems. Many of these systems demand the highest confidentiality and are of extreme interest to nation state actors. The vSECR team within the VCF Division at Broadcom is responsible for defending these products services and their supply chains.
If helping find and fix security holes in these systems is your idea of a fun career then you should come join this team. Working alongside other highly motivated and capable security engineers you will get first-hand experience in modern threats attack and defense techniques.
Success in the Role: What are the performance outcomes over the first 6-12 months you will work toward completing
Security Engineers on the team are responsible for triage investigation management and communication of security vulnerabilities reported by external researchers. You will be responsible for assessing threats analyzing externally reported vulnerabilities supporting teams in providing vulnerability mitigations virtual patches workarounds and fix recommendations. You will maintain the highest quality of work while driving programs to completion prioritizing incoming requests contending priorities and managing high profile communications. You will work closely with a variety of teams across Broadcom to achieve our goal of protecting our customers. The role will focus on the growth and management of VCF products from a security perspective and will require involvement in the authoring of VMware Security Response Center (vSRC) communications including security advisories blogs and knowledge base articles.
In the first 6mths you will be expected to become intimately familiar with VCF products/components assigned to you. You should also be able to reproduce externally reported security issues in those components engage with external reporters and drive fixes into patch releases in collaboration with a member of your team. Within 1 year you are expected to be fairly independent in doing security assessments and driving mitigations/remediations with product development and release teams while being proactive with security researcher engagement.
The Work: What type of work will you be doing What assignments requirements or skills will you be performing on a regular basis
- Oversee all aspects of the security response process from triage to remediation and communication of high profile externally reported vulnerabilities
- Reproduce externally reported vulnerabilities assess for lateral impact and develop proof of concepts for those vulnerabilities
- Provide tools (Scripts/checklists) for development teams to verify if their products are impacted as well as validate fixes
- Work with tools such as Blackduck Burp Nessus and Coverity for security defect discovery. Be familiar with OSS vulnerability discovery platforms like vulnhub GHSA openwall etc.
- Assess OSS vulnerabilities for potential impact to VCF products
- Proficient in Python and at least one of C/C or Java
- Enable models and IOCs for SOC to detect similar families of TTPs
- Make entire kill-chain understandable to an engineering audience
- Partner with different business units across Broadcom to build and support processes to support a high profile response
- Build PSIRT expertise creating maintaining and enhancing process and policy documentation
- Define and report program roadmap status development issues and success metrics for High Profile process
- Perform RCCA and present on high profile vulnerabilities to executive staff
- Monitor and develop intelligence sources to maintain situational awareness of the cyber threat landscape
- Work with a diverse group of stakeholders from technical to executive level
- Bachelors degree in Computer Science or related field and 12 years of related experience or Masters degree in Computer Science or related field and 10 years of related experience
Broadcom is proud to be an equal opportunity employer. We will consider qualified applicants without regard to race color creed religion sex sexual orientation national origin citizenship disability status medical condition pregnancy protected veteran status or any other characteristic protected by federal state or local law. We will also consider qualified applicants with arrest and conviction records consistent with local law.
If you are located outside USA please be sure to fill out a home address as this will be used for future correspondence.
Required Experience:
Staff IC
Employment Type
Full-Time
