Principal, Product Security Engineer – Pentest Lead

Company Description

At Western Digital, our vision is to power global innovation and push the boundaries of technology to make what you thought was once impossible, possible.

At our core, Western Digital is a company of problem solvers. People achieve extraordinary things given the right technology. For decades, we’ve been doing just that. Our technology helped people put a man on the moon.

We are a key partner to some of the largest and highest growth organizations in the world. From energizing the most competitive gaming platforms, to enabling systems to make cities safer and cars smarter and more connected, to powering the data centers behind many of the world’s biggest companies and public cloud, Western Digital is fueling a brighter, smarter future.

Binge-watch any shows, use social media or shop online lately? You’ll find Western Digital supporting the storage infrastructure behind many of these platforms. And, that flash memory card that captures and preserves your most precious moments? That’s us, too.

We offer an expansive portfolio of technologies, storage devices and platforms for business and consumers alike. Our data-centric solutions are comprised of the Western Digital®, G-Technology™, SanDisk® and WD® brands.

Today’s exceptional challenges require your unique skills. It’s You & Western Digital. Together, we’re the next BIG thing in data.

Job Description

The Product Security Engineer – Pentest Lead will be a member of the Product Security Assurance team specializing in security validation practices, methods and tools. This individual will help mature Western Digital’s security validation capabilities by identifying industry best practices, tools, and expertise needed for all aspects of security validation of Western Digital products (HW, SW, FW, Cloud services). This includes the development of security validation plans that support the threat model, fuzzing, pentesting and identification of functional validation test cases that validate security considerations. This is a unique opportunity to leverage all of your past experience in security validation/pentesting and re-engineer how we approach and perform security validation for all product development. You will partner with product development teams and security engineers to raise awareness and expertise within each and every product development team. As a strong leader and influencer, you will listen to the concerns of product development teams and security engineers alike to develop and deploy best security validation capabilities that ensure our products achieve their security objectives and support efficient development. You will collaborate and communicate with leadership at all levels in the company. Our ideal teammate is passionate about security validation and has hands-on experience pentesting hardware, firmware and/or software. This ideal candidate is eager to stay up to date with the latest industry trends and technologies and enjoys participating in industry consortiums. If this applies to you – join our collaborative team to develop together the next big thing in data!

Responsibilities

  • Identify best practices and tools for validating all aspects of a product’s security posture
  • Be a key technical contributor to the continuous improvement of the Secure Development Lifecycle
  • Ability to review threat models and develop a security validation plan
  • Raise awareness and understanding of security validation with engineers and leaders at all levels of the organization
  • Partner with teams to develop robust security validation plans and verify implementations of security controls
  • Research and assist with deployment of tools to support efficient security validation
  • Perform pentests on HW, FW, SW products/components
  • Participate in industry consortiums/standards bodies and conduct research

Qualifications

Basic Qualifications (Required Skills & Experience)

  • Bachelor’s degree or greater with focus in Computer Science, Engineering, or relevant field from an accredited college/university
  • Experience pentesting
  • Experience fuzzing
  • Knowledge of cybersecurity standards and best practices
  • Knowledge of low level hardware-software interactions, such as storage in flash, RAM or cache
  • Working understanding of security threats, security risk assessments, security threat modeling, security risk mitigation, and security incident reporting

Typical Minimum Experience Preferred (Desired Skills/Experience)

  • 5-7 years of related experience preferred
  • 3+ years of security validation related activities
  • Experience with embedded software development is a plus

Additional Information

Western Digital thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

Western Digital is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at staffingsupport@wdc.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

More Information

Apply for this job

Leave your thoughts

Share this job