DescriptionJob Description Overview:
The ASUS Robotics & AI Center is seeking a Platform Security Engineer to join our global research and development team. This role contributes to the security posture of our cloud-based platform, spanning application hardening, infrastructure security, and the day-to-day practices that keep our systems secure as they scale.
We are looking for an engineer with hands-on experience in application and cloud security, a proactive mindset for identifying and mitigating risk, and the ability to collaborate effectively across a multidisciplinary engineering team. The ideal candidate is a strong individual contributor who is eager to deepen their expertise in security architecture while working alongside experienced engineers across our Boston and Taipei offices.
Essential Duties and Responsibilities:
- Contribute to application and infrastructure security across the platform, supporting production launch and long-term scaling.
- Help harden authentication (OAuth/session handling) and API authorization patterns, including multi-tenant access control.
- Configure and maintain IAM policies, service accounts, and least-privilege access controls across cloud infrastructure.
- Secure data flows including file uploads, signed URLs, database access, and secrets management.
- Set up and maintain security monitoring, logging, and alerting systems.
- Build and maintain security tooling integrated into CI/CD pipelines, including SAST, DAST, and dependency scanning.
- Perform regular security assessments, dependency audits, and penetration testing.
- Support incident response and contribute to root cause analysis.
- Collaborate with the engineering team on secure development practices and help document security controls and incident response procedures.
Knowledge and Skills:
- Familiarity with cloud security on GCP or equivalent platforms, including IAM, VPC, IAP, Secret Manager, and Cloud Armor.
- Solid understanding of OAuth, session security, and multi-tenant authorization patterns.
- Experience with security scanning tools (SAST, DAST, dependency scanning) and integrating them into CI/CD workflows.
- Ability to work confidently in a rapidly changing, fast-paced and results-oriented corporate environment where a high degree of flexibility is required
- Excellent written and verbal communication skills in English
Required Qualifications:
Years of Education
- Bachelor's degree or higher in computer science, information security, or a related field.
Work Experience
- 8+ years of experience in application or infrastructure security roles.
- Hands-on experience securing production web applications, preferably in Node.js/Next.js environments.
Preferred Qualifications:
- Experience with Terraform security hardening is a plus.
- Strong verbal and written communication skills, including the ability to document security controls clearly.
- Penetration testing experience is a plus.
- Flexibility to attend virtual meetings with the Taiwan-based team at least three nights per week.
Working Conditions:
- Typically working in an office environment
- This is an IN-OFFICE position in Boston, MA
- Requires sitting, operating a computer keyboard, telephone and other office equipment for extended periods of time
- Travel requirements 10% travel, domestic/international
$164,000 - $237,000 annually is the estimated pay range for this role working in Boston, Massachusetts office. The final amount will be determined based on qualifications & experience of the candidate relative to the role. Our comprehensive employee benefits include bonuses, medical, dental, vision, life insurance, AD&D insurance, Paid Time Off, EAP, & 401(k).