To operate in complex real-world environments, Boston Dynamics robots must work together, connected to customer networks and cloud-hosted Boston Dynamics services. As a Product Security Engineer, you will work alongside our robot and software teams to implement solutions which secure our robots, applications, and cloud services.
Develop and evolve security requirements for Boston Dynamics’ products, including cloud-hosted applications, embedded web apps, and backend systems. Work through the entire design and development lifecycle.
Design and review technical architectures and guide security strategy for Boston Dynamics’ cloud-based applications.
Develop and oversee security operations practices, while collaborating with DevOps and engineering teams to implement security operations.
Remain informed on evolving cloud and web security standards and threats, while helping Boston Dynamics adapt to the threat and compliance landscape.
5+ years experience as a product security engineer or architect focusing on cloud-based systems and web applications, or related ecosystems.
Experience as an individual contributor using Terraform or similar infrastructure-as-code frameworks and Node.js or equivalent web application frameworks.
Technical experience creating and shipping security solutions involving cloud environments and web applications.
Experience with and strong understanding of a wide set of relevant technical tasks, such as: code audits, threat modeling, application hardening, code hardening, container and image dependency management, vulnerability management, etc.
Foundational knowledge of network security principles, cloud security principles, and cloud security implementation, including experience with security offerings provided by Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure.
Foundational knowledge of web application security principles, including topics such as authentication and authorization, single-sign on and OAuth, database security, defenses against common web security vulnerabilities such as CSRF and XSS, and OWASP web security guidelines.
Knowledge of Linux operating system security principles.
Experience with product and data security assessments like SOC 2 and the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).
Experience implementing security operations for cloud-based infrastructure, including use of tools such as AWS GuardDuty (or equivalent) and Wiz (or equivalent cloud security posture monitoring tool)
Ability to communicate effectively with technical and non-technical audiences, including writing documentation, proposals, specifications, design docs, and threat analyses.