Salary Range: $107,000.00 - $152,500.00
IntroductioniRobot is in immediate need of a Senior Engineer on its Product Security team who is experienced in applying security best practices and principles to the design, development, and maintenance of AWS Managed Service architecture, and to the mobile applications written for the most common platforms and languages. iRobot leads the market in consumer robotics and enabling the smart home, and the cloud infrastructure underpins its millions of connected robots, while the mobile application connects our millions of customers to their robot devices.
The responsibilities will require a mix of partnering with development teams to assess new designs for potential security issues, and designing and building centralized security services, test frameworks, and integrated testing tools for use in automated build pipelines.
What You Will Do:- Assess new cloud designs and mobile app feature changes for potential security vulnerabilities.
- Evaluate production and test builds of cloud services and mobile applications for adherence to security best practices.
- Develop guidelines for security of products based on industry standards.
- Triage reported vulnerabilities from the field across a spectrum of sources and determine impact, priority, and risk.
- Design and build secure cloud services that centralize critical security functionality.
- Implement test frameworks for automated security validation testing of cloud and mobile deployments.
- Work with the latest SAST/DAST tooling, AI-powered and traditional, to evaluate and report on flaws and vulnerabilities to the development teams.
- Ensure the components meet the regulatory needs of every market within which iRobot products are sold.
- Engage third-party and AI services for penetration testing, red team exercises, threat modeling, and more.
To Be Successful You Will Have:- 7+ years designing, building, and deploying AWS-based managed service infrastructure, with at least 2 years as a security champion within a development team
- Extensive knowledge and practical experience designing, building and deploying secure serverless, API-based services with a deep understanding of the standard callflow of managed service architecture: Gateway to Work Process to Storage to Access
- Deep knowledge of authentication protocols and technologies, including IAM, SSO, OAuth 2.0, and RBAC
- Experience building mobile apps for iOS and Android, with a deep understanding of the security best practices of each
- Understanding of, and alignment with, OWASP standards and best practices, including the OWASP Top Ten lists
- Strong understanding of AWS policy hierarchy, and practical knowledge of Organizations, SCPs, IAM, et al
- Python and Node/ JavaScript proficiency
- Practical experience constructing architecture risk assessments and leveraging standard security tooling to build empirical evidence in support of those assessments
- Preferred: experience at a consumer product company