Staff Software Security Engineer

Responsibilities:

• Conduct security assessments across Arm's firmware, drivers and system software.
• Review and advise on output of various Security Development Lifecycle (SDLC) stages such as threat modeling, security testing, including DAST, SAST, SCA
• Enable engineering teams to implement various stages of Arm's SDLC independently
• Provide consultation on specific areas of software security and on the application of SDLC to the engineering teams
• Keep up-to-date with industry best practices and developments in software security.
• Continuously improve Arm's approach to software security by refining software security best practices

Required Skills and Experience :

• Deep knowledge and expertise in developing and reviewing software threat models.
• Detailed experience in security concept design, mitigation analysis
• Experience writing secure code, and designing secure software specifically for low level software such as drivers, firmware.
• Demonstrated skills for secure code reviews (C/C++) of complex software projects.
• Experience in automation using scripting languages (e.g., Python).
• Experience in performing Software Composition Analysis using tools such as Black Duck.
• Experience in implementing Security Development Lifecycle in an organization.

“Nice To Have” Skills and Experience :

• Expericence working with Arm's open source software.
• Knowledge of Arm assembly.
• Delivered software security training.
• Experience in configuration and creation of rules for SAST tools such as Coverity and SonarQube.
• Experience working with relevant security certification schemes (e.g., PSA Certified, common criteria, SESIP) and international standards (e.g, ISO 21434, IEC 62443).