At Bose Corporation we believe sound is the most powerful force on earth and for over 60 years we have been a company built on innovation excellence and independence. Privately owned fiercely customer-focused and driven by our values we continue to lead industries and transform lives through sound.

Today Bose Corporation is entering an exciting new era. Across multiple global Business Units and Global Functions we are shaping the future of audio technology automotive luxury and premium experiences. We invite you to join us in this transformation.

Job Description

Join the future of product security at Bose

At Bose security and stability are the two pillars of our product innovation. We are seeking for a Security Engineer tosupport the security initiatives for our consumer electronics products. You will play a central role in product security and have the ability to improve the product security program to meet higher level enterprise security objective.With new products launching every year there is a constant need to ensure security in our on-the-go and in-the-home platforms. The ideal candidate has extensive secure software development experience in a fast-paced agile product environment. Join our product security team to power the next wave of innovation at Bose.

Principal Duties and Responsibilities

As a Security Engineer you will work as an integral part of the Product Security team to embed security practices into every aspect of the secure development pipeline. Our development philosophy is to enable developers to write secure code faster.

Responsibilities for this job include:

• Architecting and designing products to guarantee secure practices data confidentiality system integrity

• Engineering and implementing ARM Trust Zone secure applets implementing a cryptographic IOT device identity and root of trust

• Streamlining secrets key management cryptography and credential management

• Defining Security requirements and conducting security assessments

• Architect and implement protections for intellectual property including anti-reverse engineering secure firmware distribution and debug interface lockdown

• Ensure compliance with applicable security regulations and standards (e.g. EU CRA ETSI EN 303 645 NIST) and support audits and certifications

• Advising engineering peers on security matters in the form of architectural guidance code/design reviews and solution development

• Improving vulnerability discovery patching process and leading responses to external security threats

• Code independently with minimal oversight and design system architecture with guidance

• Collaborating with cross-functional teams like product firmware devops cloud engineering manufacturing and program management.

• Performing security testing on products and supporting with the security fix implementations

• Designing and maintaining private X.509 and JWK chains of trust used for validating authenticity of portable audio devices

• Stay up-to-date on security news relevant technologies plug into user groups understand trends and security opportunities

• Be a stakeholder on interdisciplinary teams advocating for security

Qualifications

• Experience developing for embedded systems and Linux platforms in C C

• Strong knowledge of cryptographic theory and engineering including encryption hashing signing digital certificates and hardware security modules (HSMs)

• Building internal security applications with cryptographic guarantees such as firmware encryption and signing custom developer enablement tools secure asset provisioning etc.

• Experience aligning embedded product security practices with regulatory and compliance requirements (EU CRA NIST ISO 27001 IEC 62443 or similar frameworks)

• Experience implementing IP protection and anti-tamper mechanisms in embedded systems including secure boot enforcement firmware encryption and hardware debug port protection

• Experience mitigating dependency or code-level defects including memory-management issues input validation timing attacks broken authentication side channels.

• Experience with computer networking with a focus on security and IOT applications

• Bachelors degree in Computer Science or equivalent. A masters degree is beneficial

• 6 or more years of industry experience working in firmware development with a focus on security. An advanced degree can contribute towards experience

What you can expect at Bose

• Working with wicked smart super cool people

• A business commitment to security stability and quality

• Competitive salary benefits and pension

• A culture of excellence respect opportunity and passion for innovation

Our goal is to create an atmosphere where every candidate feels supported and empowered in the interviewing process. Diversity and inclusion are integral to our success and we believe that providing reasonable accommodation is not only a legal obligation but also a fundamental aspect of our commitment to being an employer of choice. We recognize that individuals may have different needs and requirements based on their abilities and we provide reasonable accommodations to ensure ideal conditions are met during the application process.