Company: Qualcomm Technologies, Inc.
Job Area: Engineering Group, Engineering Group > Machine Learning Engineering
General Summary: AI runtimes, model compilers, and inference SDKs now operate in safety-critical, latency-sensitive, and high-assurance contexts where vulnerabilities can carry real-world consequences at massive scale. This reality demands security researchers who can think across the full stack, from hardware-adjacent firmware and accelerator interfaces to SDK-level APIs and developer-facing toolchains, and who are equipped to drive proactive threat discovery, rigorous vulnerability analysis, and security-by-design principles throughout the software development lifecycle. Our mission is to ensure that AI software powering the next generation of mobile, automotive, edge, and connected devices remains resilient, trustworthy, and secure against the most determined adversaries by exploring innovative ways to identify and prevent security flaws before they can be discovered, exploited, or weaponized in the real world.
We are seeking talented, self-driven Product Security Engineers, from Junior to Senior level, with security expertise to partner with AISW development teams from design to deployment.
In this role, you will evaluate system architectures for security gaps, build automated and continuous security assessments, contribute security fixes alongside developers, and embed security gates into CI/CD pipelines. You will play a founding role in building threat detection systems from the ground up, champion the adoption of new testing tools and detection mechanisms, and leverage LLM-driven workflows and agentic systems to scale security research and raise simulation fidelity.
Responsibilities:
- Evaluate AISW Team's products for security gaps early in the development lifecycle, partnering with engineering teams from ideation through release.
- Conduct security design reviews, threat modeling sessions, and architecture assessments to surface attack surfaces and trust-boundary risks.
- Monitor the threat landscape to identify newly disclosed vulnerabilities, adversarial techniques, and emerging attack patterns relevant to AISW products.
- Leverage threat intelligence to inform adversary emulation scenarios, including campaign design, TTP selection aligned with MITRE ATT&CK, and operational sequencing.
- Develop and maintain automated solutions for threat emulation, improving accuracy and efficiency in detection validation.
- Analyze telemetry generated from simulations to assess detection coverage, identify gaps, and recommend improvements.
- Develop and maintain security guidance documentation including policies, procedures, and best practices as a living reference for the AISW organization.
- Systematically discover, validate, triage, and track security vulnerabilities from internal teams, automated scanners, and external security researchers.
- Manage the full vulnerability lifecycle, from initial report through rescan validation, applying concepts such as severity scoring (CVSS), KEV prioritization, risk acceptance, ownership assignment, and aging governance.
- Support zero-day escalation events: rapidly iterate through the VM lifecycle, produce custom impact reports, and drive time-sensitive remediation decisions.
- Apply working knowledge of DevSecOps tooling including SAST, SCA, DAST, container scanning, secrets scanning, and SBOM generation.
- Continuously hunt for exploitable vulnerabilities across applications, infrastructure, developer toolchains, and AI model pipelines.
- Perform comprehensive security assessments across AI development workflows, documenting findings with reproduction steps, exploitability analysis, impact assessment, and actionable remediation guidance.
- Build automated security testing tools and agentic workflows - leveraging LLM-driven pipelines - to scale vulnerability discovery, threat emulation, and CI/CD security gating across Stub APIs and build pipelines.
- Advocate for and drive the creation and deployment of new detection mechanisms, paved-path security solutions, and offensive tooling improvements.
- Lead security outreach efforts including post-mortem reviews, vulnerability disclosure coordination, and security advocacy programs.
- Provide security training and conduct outreach sessions with internal development teams to embed a security-conscious culture across AISW.
- Collaborate across business units (Auto BU, MLG, QSIO) on security feature enablement, product sign-off, and risk treatment decisions.
- Manage security update release processes and support coordination and disclosure activities with customers and OEM partners.
Minimum Qualifications:
- Bachelor's degree in Computer Science, Engineering, Information Systems, or related field and 2+ years of Hardware Engineering, Software Engineering, Systems Engineering, or related work experience.
OR
- Master's degree in Computer Science, Engineering, Information Systems, or related field and 1+ year of Hardware Engineering, Software Engineering, Systems Engineering, or related work experience.
OR
- PhD in Computer Science, Engineering, Information Systems, or related field.
Preferred Qualifications:
- Master's degree in Computer Science, Cybersecurity, Electrical Engineering, or a related field.
- 2+ years of experience in offensive or product security roles, inclusive of software development experience.
- 2+ years of hands-on penetration testing, product security assessment, application security, cloud security, or equivalent offensive security experience.
- Experience performing security activities across one or more SDLC phases: security design review, threat modeling, secure code review, and security testing.
- Experience building or evaluating AI-driven vulnerability discovery pipelines.
- Experience with reverse engineering and low-level systems analysis (IDA Pro, Ghidra, LLDB).
- Proficiency in Python and/or C/C++; experience with scripting for security automation and code review.
- Familiarity with DevSecOps tooling: SAST, SCA, DAST, container scanning, secrets scanning, and SBOM tooling.
- Working knowledge of vulnerability management concepts: CVSS, KEV, false positives, rescan validation, risk acceptance, and dependency management.
- Familiarity with global automotive cybersecurity regulations and standards, including ISO/SAE 21434 and UN R155.
- Experience in product security for embedded devices, which may include a subset of the following skill sets: device integrity and authentication, secure communications, trusted execution environment (TEE), protected virtualization and platform isolation techniques, embedded/real-time OS security, hardware access control, secure provisioning and debug, key management and applied crypto.
- Excellent written and verbal communication skills, with the ability to collaborate effectively across engineering, product, and leadership teams.
- Proven track record in security research, vulnerability discovery, or security publication.
- Familiarity with global regulations and industry standards, including ISO/SAE 21434, UN R155, GDPR, and CRA.
- Knowledge of adversarial machine learning and model robustness techniques (e.g., MITRE ATLAS).
- Experience working in regulated environments, including automotive, healthcare, finance, or defense.
- Strong understanding of secure software development practices and cloud security (AWS, Azure, or GCP).
- Industry certifications such as OSCP, OSED, GXPN, GREM, CISSP, CISM, or equivalent GIAC certifications.
- Proficiency in one or more programming languages: Python, C, or C++.
- Solid understanding of common vulnerability classes: memory corruption, logic flaws, and authentication bypass.
- Strong understanding of modern AI/LLM system failure modes (e.g., prompt injection, data exfiltration, model misuse).
Pay range and Other Compensation & Benefits: $140,800.00 - $211,200.00
The above pay scale reflects the broad, minimum to maximum, pay scale for this job code for the location for which it has been posted. Even more importantly, please note that salary is only one component of total compensation at Qualcomm. We also offer a competitive annual discretionary bonus program and opportunity for annual RSU grants (employees on sales-incentive plans are not eligible for our annual bonus). In addition, our highly competitive benefits package is designed to support your success at work, at home, and at play. Your recruiter will be happy to discuss all that Qualcomm has to offer - and you can review more details about our US benefits at this link.
If you would like more information about this role, please contact Qualcomm Careers.