Principal Product Security Engineer @ Aurora Innovation

Principal Product Security Engineer

Posted on 2/14/2023

INACTIVE

Locations

Bozeman, MT, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Agile

AWS

C/C++/C#

Linux/Unix

Python

Requirements

Foundational knowledge of operating system security for Linux
Foundational knowledge of the CWE Top 25
Ability to assess software and/or hardware components with and without full knowledge
Ability to work well with other assessment members and engineering partners
Ability to communicate effectively with technical and non-technical audiences
Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts
Experience in vulnerability discovery and analysis, design review, and code-level security reviews
Experience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography
Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processes
Working understanding and demonstrated experience evaluating and applying automotive protocols and security standards
Experience maintaining Security Assurance / Secure-SDLC processes and programs in an agile / waterfall environment
Experience maintaining, building and evaluating threat models / risk assessments
Experience with and ability to implement best practices across various security domains
Minimum 10 years of experience in a security-specific or security-adjacent industry
Minimum 2 years of experience in the robotics or automotive industry or equivalent

Responsibilities

Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
Assess the risks across the Aurora Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilities
Comfort employing techniques including reverse engineering, fuzzing, and static and/or dynamic analysis
Conduct research to identify new and novel attack vectors against Aurora's products and services
Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners
Identify, evangelize and lead successful integration of security capabilities, components, and remediation work across Aurora
Own relationships with Engineering teams, Vehicle Platform partners and OEMs to ensure and provide strategic direction for the highest level of security assurance for the Aurora Driver platform
Develop and implement the content to mentor, train, and educate Aurora's engineering teams on secure design and secure implementation
Advise executives in the Security organization, Software organization, and Hardware organization in order to best ensure the security of the Aurora Driver platform

Desired Qualifications

Relevant work experience in offensive security, penetration testing or red teaming
Experience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks
Ability and desire to write production-quality code in C++, Golang, or Python
Experience evaluating the security of software, hardware and services
Foundational knowledge of embedded firmware security and hardware security, preferably in the robotics or automotive space
Familiarity with cloud security (AWS) and infrastructure-as-code
Familiarity with Trusted Platform Modules, HSMs, and trusted boot
A history of giving back to the security industry via open source contributions, published papers, or conference presentations

Who We Are

Aurora (Nasdaq: AUR) is delivering the benefits of self-driving technology safely, quickly, and broadly to make transportation safer, increasingly accessible, and more reliable and efficient than ever before. The Aurora Driver is a self-driving system designed to operate multiple vehicle types, from freight-hauling semi-trucks to ride-hailing passenger vehicles, and underpins Aurora Horizon and Aurora Connect, its driver-as-a-service products for trucking and ride-hailing. Aurora is working with industry leaders across the transportation ecosystem, including Toyota, FedEx, Volvo Trucks, PACCAR, Uber, Uber Freight, U.S. Xpress, Werner, Covenant, Schneider, and Ryder. For Aurora’s latest news, visit aurora.tech and @aurora_inno on Twitter.

Aurora’s Product Security team’s mission is to discover, mitigate, and prevent security risks in the software, hardware, and services developed by Aurora.

Our team is responsible for ensuring the secure design and implementation of the technology built for the Aurora Driver as well as continually improving the assurance levels of security across all of Aurora’s Products. This team is also responsible for performing technical security assessments, threat modeling, security code reviews and vulnerability testing to highlight risk and help various engineering teams and partners to improve security. We work closely with engineers across Aurora as well as 3rd party partners to design and proactively integrate initiatives to enhance security across a wide variety of software or hardware domains and technology stacks.We are searching for an experienced Security Engineer and leader to define, build and implement security assurance frameworks and best practices throughout Aurora’s products to join us on this mission.

In this role, you will

Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
Assess the risks across the Aurora Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilities
Comfort employing techniques including reverse engineering, fuzzing, and static and/or dynamic analysis
Conduct research to identify new and novel attack vectors against Aurora’s products and services
Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners
Identify, evangelize and lead successful integration of security capabilities, components, and remediation work across Aurora
Own relationships with Engineering teams, Vehicle Platform partners and OEMs to ensure and provide strategic direction for the highest level of security assurance for the Aurora Driver platform.
Develop and implement the content to mentor, train, and educate Aurora’s engineering teams on secure design and secure implementation
Advise executives in the Security organization, Software organization, and Hardware organization in order to best ensure the security of the Aurora Driver platform

Required Qualifications

Foundational knowledge of operating system security for Linux
Foundational knowledge of the CWE Top 25
Ability to assess software and/or hardware components with and without full knowledge
Ability to work well with other assessment members and engineering partners
Ability to communicate effectively with technical and non-technical audiences
Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts
Experience in vulnerability discovery and analysis, design review, and code-level security reviews
Experience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography.
Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processes
Working understanding and demonstrated experience evaluating and applying automotive protocols and security standards
Experience maintaining Security Assurance / Secure-SDLC processes and programs in an agile / waterfall environment
Experience maintaining, building and evaluating threat models / risk assessments
Experience with and ability to implement best practices across various security domains
Minimum 10 years of experience in a security-specific or security-adjacent industry
Minimum 2 years of experience in the robotics or automotive industry or equivalent

Desirable Qualifications

Relevant work experience in offensive security, penetration testing or red teaming
Experience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks.
Ability and desire to write production-quality code in C++, Golang, or Python
Experience evaluating the security of software, hardware and services
Foundational knowledge of embedded firmware security and hardware security, preferably in the robotics or automotive space
Familiarity with cloud security (AWS) and infrastructure-as-code
Familiarity with Trusted Platform Modules, HSMs, and trusted boot
A history of giving back to the security industry via open source contributions, published papers, or conference presentations

The base salary range for this position is $176K-$282K per year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

#LI-CV1

#Mid-Senior

Working at Aurora

At Aurora, we bring together extraordinarily talented and experienced people united by the strength of our values. We operate with integrity, set outrageous goals, and build a culture where we win together — all without any jerks.

We have offices inseveral locations across the United States, where we encourage team and cross-functional collaboration. Aurora offers competitive medical, dental, and vision benefits, and additional healthcare support including medical transportation reimbursement, fertility, adoption, and surrogacy benefits. We empower our employees and their families with options to further their unique physical, mental, and financial wellbeing.

Our Learning and Development offerings include Aurora Academy, where our people learn, develop, and practice the essential skills that drive Aurora’s mission, continually up-leveling our team along the way. Our Careers pageprovides insight into career opportunities at Aurora, and you can find all the latest news on ourBlog.

Safety is central to everything we do. Every employee at Aurora has a role in contributing to safety, every step of the way. We seek candidates who take active responsibility, can contribute to building an atmosphere of trust, and invest in the organization’s long-term success by working safely — no matter what.

We believe that self-driving technology has broad benefits – including increased access to transportation. To realize those benefits, we need a workforce with diverse experiences, insights, and perspectives — a workforce that reflects the communities our technology will serve.

Aurora is committed to providing access to anyone who seeks information from our website. We invite anyone using assistive technologies, such as a screen reader or Braille reader, to email us at [email protected]. if they experience difficulty using our website. Please describe the accessibility problem and include a URL (if available).

Aurora considers candidates without regard to their race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, pregnancy status, parent or caregiver status, ancestry, political affiliation, veteran and/or military status, physical or mental disability, or any other status protected by federal or state law. Aurora considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at [email protected].

For California applicants, information collected and processed as part of your application and any job applications you choose to submit is subject toAurora’s California Employment Privacy Policy.

Diversity, Equity and Inclusion

At Aurora, every employee is empowered to take an active role in building an inclusive, collaborative, and unified culture that leverages our diverse strengths, perspectives, and backgrounds.

Transforming how the world moves people and goods involves seeking to understand backgrounds, insights, and lived experiences that differ from our own. One way we accomplish that is with our 15 employee-led Aurora Unified Groups, which support diverse voices and drive inclusive collaboration. We believe that teamwork, belonging, and trust motivate and support our employees to do their best work. As our team grows, we strive to attract and retain exceptional talent that adds new perspectives and experiences and continues to drive innovation. Learn more on our Culture Page.

1,001-5,000 employees

Website

Leading company in self-driving vehicles

Company Overview

Aurora is on a mission to build self-driving technology that will revolutionize the future of transportation. Its flagship product, the Aurora Driver, is a platform that brings together software, hardware, and data services, to autonomously operate passenger vehicles, light commercial vehicles, and heavy-duty trucks

Benefits

Medical, Vision, Life Insurance
Paid leave
Vacation, Holidays & Sick Time
LinkedIn Learning
Aurora Academy
401(k)
Commuter Benefits
Flexible Spending Account
Onsite Food
PerkSpot
Working from Home Support
Emotional & Physical Wellness
Employee Assistance Program

Company Core Values

Operate with integrity - We do the right thing, even if it delays our work or makes less money
Focus - We’re solving one of the most challenging problems of our generation, and we’ll get there by fostering a culture of depth, focus, and rigorous engineering
No jerks - We solve hard technical problems through discussion and collaboration. We don’t waste time battling over personalities and egos
Be reasonable - We expect each other to use good judgment and always have the best interest of the company and our partners in mind
Set outrageous goals - We set ambitious goals that demand commitment and push us to do our best work
Win together - We are building a technology and a company that will serve people and communities around the world. Our team’s diverse perspective and experience make us stronger and better reflect the world we live in