To operate effectively in complex real-world environments, Boston Dynamics robots must collaborate seamlessly, connecting to customer networks and our cloud-hosted services. As a Product Security Engineer, you will partner with our robotics and software teams to implement solutions that secure our robots, applications, and cloud services.

This hands-on role blends technical security expertise with software engineering skills, contributing to the delivery of secure and usable products. You will engage in a variety of tasks, including defining practices and requirements, architecting systems, and implementing technical security mechanisms.

Examples of recent security initiatives by our teams include the deployment and review of our SSO implementation in both cloud-hosted and on-premises products, the design of the security architecture for BD’s first cloud product, and the creation of authentication protocols that support the needs of our robots.

Key Responsibilities:

• Design, develop, implement, and deploy software to make Boston Dynamics’ products resilient to attacks from adversaries.

• Develop and evolve security requirements for Boston Dynamics’ products and review system architectures, guiding security strategy for cloud-based applications.

• Perform code audits and test and evaluate our software to find bugs before attackers do.

• Triage and remediate security issues.

• Develop and oversee effective and scalable security operations practices.

• Socialize application security best practices.

Qualifications:

• B.S. or M.S. in Computer Science or related field, or equivalent experience

• 5+ years of experience as a software engineer with a focus on product security for cloud-based systems and web applications.

• Strong understanding of web application security principles, cloud security principles, and network security principles. Thorough understanding of issues documented in the OWASP Top Ten.

• Experience developing web software using web application frameworks and/or implementing cloud applications using infrastructure-as-code frameworks.

• Experience communicating with engineering audiences, including experience writing software documentation, design proposals, specifications, and threat analyses.

Nice to have:

• Experience implementing attacks against web application software and/or cloud infrastructures.

• Experience with security offerings from at least one of the following cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure.

• Familiarity with the Single Sign On (SSO) ecosystem, including SAML and OIDC.

• Experiencing developing software frameworks to broadly achieve security requirements.

• Experience in implementing security operations for cloud-based infrastructure, utilizing tools such as AWS GuardDuty (or similar) and Wiz (or similar cloud security posture monitoring tool).

• Performing vulnerability and dependency management using tooling integrated into CI/CD

• Understanding of Linux operating system security principles.

This position does have the opportunity to be remote. 

We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to sponsor visas for this position.

#LI-JM1