Conduct security assessments across Arm's firmware, drivers and system software.
Review and advise on output of various Security Development Lifecycle (SDLC) stages such as threat modeling, security testing, including DAST, SAST, SCA
Enable engineering teams to implement various stages of Arm's SDLC independently
Provide consultation on specific areas of software security and on the application of SDLC to the engineering teams
Keep up-to-date with industry best practices and developments in software security.
Continuously improve Arm's approach to software security by refining software security best practices
Required Skills and Experience :
Deep knowledge and expertise in developing and reviewing software threat models.
Detailed experience in security concept design, mitigation analysis
Experience writing secure code, and designing secure software specifically for low level software such as drivers, firmware.
Demonstrated skills for secure code reviews (C/C++) of complex software projects.
Experience in automation using scripting languages (e.g., Python).
Experience in performing Software Composition Analysis using tools such as Black Duck.
Experience in implementing Security Development Lifecycle in an organization.
“Nice To Have” Skills and Experience :
Expericence working with Arm's open source software.
Knowledge of Arm assembly.
Delivered software security training.
Experience in configuration and creation of rules for SAST tools such as Coverity and SonarQube.
Experience working with relevant security certification schemes (e.g., PSA Certified, common criteria, SESIP) and international standards (e.g, ISO 21434, IEC 62443).