Description

Responsibilities:

  • Conduct security assessments across Arm's firmware, drivers and system software.
  • Review and advise on the output of various Security Development Lifecycle (SDLC) stages, such as threat modeling and security testing, including DAST, SAST and SCA.
  • Enable engineering teams to implement various stages of Arm's SDLC independently.
  • Provide consultation to the engineering teams on specific areas of software security and on the application of the SDLC.
  • Keep up-to-date with industry best practices and developments in software security.
  • Continuously improve Arm's approach to software security by refining software security best practices.

Required Skills and Experience:

  • Deep knowledge and expertise in developing and reviewing software threat models.
  • Detailed experience in security concept design and mitigation analysis.
  • Experience writing secure code and designing secure software, specifically for low-level software such as drivers and firmware.
  • Demonstrated skills for secure code reviews (C/C++) of complex software projects.
  • Experience in automation using scripting languages (e.g., Python).
  • Experience in performing Software Composition Analysis using tools such as Black Duck.
  • Experience in implementing Security Development Lifecycle in an organization.

“Nice To Have” Skills and Experience:

  • Experience working with Arm's open source software.
  • Knowledge of Arm assembly.
  • Delivered software security training.
  • Experience in configuration and creation of rules for SAST tools such as Coverity and SonarQube.
  • Experience working with relevant security certification schemes (e.g., PSA Certified, Common Criteria, SESIP) and international standards (e.g., ISO 21434, IEC 62443).

Education

Any Graduate