Offensive Firmware Security Engineer

Perform security architecture design review and threat analysis of firmware and hardware, to ensure security properties and robustness of our complex software products

Identify vulnerabilities in our firmware, build proof of concepts, and drive remediation via secure code reviews, fuzz and penetration testing

Recommend security controls, evangelize and drive adoption of new or improved tools, practices, and plans to increase product robustness and reliability.

Collaborate with engineers, customers, and/or partners to perform internal or external security audits on our products to ensure the security quality.

Respond to product security incidents, coordinate engineering teams and partners to solve security related issues

Work with other parts of our company on a broad range of technologies and initiatives to enhance security.

Research and exploit side-channel, fault, and advanced physical attacks

Requirement

BS+ in Computer Engineering, Computer Science, or Electrical Engineering.

7+ years of relevant work experience

Programming background in ARM/RISCV assembly, Python, C, C++, and/or RUST

Knowledge of embedded system architecture and security (e.g. Android/Linux, ARM trust zone, hypervisor/virtualization…etc.).

Knowledge of hardware/software vulnerabilities and their exploit techniques

Experience with security design review or threat modeling throughout hardware to software.

Experience with secure code review, analysis, vulnerability assessment, hacking/attack analysis.

Motivated by pursuing difficult and novel problems in a highly complex environment

Excellent at multitasking, organizing, and prioritizing complex projects to meet deadlines

Listens for nuances and digs into details to understand systems deeply

Preferred Requirement

experience on any automotive grade platform such as AUTOSAR, QNX, Android Automotive, etc.

JTAG, debugging, binary instrumentation frameworks, Reverse-engineering (IDA Pro, Ghidra)

ISO21434 or ISO 26262 compliance experience

TARA or HARA methodology and execution experience

CACSE (Certified Automotive Cyber-Security Expert) certificate

CACSP (Automotive Cyber-Security Professional) certificate

Salary range: $180,000- $260,000

Employee may be eligible for performance bonus, short and long term incentive programs. Actual total compensation will be dependent upon the individual's skills, experience and qualifications. In addition, MediaTek provides a variety of benefits including comprehensive health insurance coverage, life and disability insurance, savings plan, Company paid holidays, Paid time off (PTO), Parental leave, 401K and more.

MediaTek is an Equal Opportunity Employer that is committed to inclusion and diversity to all, regardless of age, ancestry, color, disability (mental and physical), exercising the right to family care and medical leave, gender, gender expression, gender identity, genetic information, marital status, medical condition, military or veteran status, national origin, political affiliation, race, religious creed, sex (includes pregnancy, childbirth, breastfeeding and related medical conditions), and sexual orientation.