Yubico’s mission is to create a safer internet for everyone. Our core invention, the YubiKey, secures logins for 9 of the top 10 internet brands, including Google and Facebook, and for millions of users in 160 countries. Collaboration and innovation are at the core of our culture, as we expand to more advanced software and services for encryption and Internet of Things (IoT). We are a fast growing, profitable, and multinational company, offering an opportunity to bring your ideas to life with our global team.
Yubico is seeking an experienced Product Security Engineer to join our team and help create the next generation of security products.
You will work closely with our software, firmware, and hardware development teams to solve security challenges nobody else has even considered. You will define a flexible and secure development process that provides the right security input at the right time, while enabling our engineers to build innovative products. You will work closely with hardware, firmware, and software engineers on everything from the latest YubiKeys and HSMs to ensuring that we have a secure and flexible web experience for our customers. If you are looking for a fun challenge and the chance to define a software security practice in an exciting and fast-paced startup environment, this opportunity is for you! If you want to tell the world how you made our products even better, that’s great too.
Tasks & Responsibilities
- Work with the Chief Security Architect to define and implement a secure software development program
- Define and assist in implementation of security goals for all our products
- Define and implement a workload prioritization scheme to ensure that the most critical offerings receive the right level of attention
- Provide security guidance to our hardware, firmware, and software engineers
- Conduct threat modeling exercises across the range of products and services
- Conduct software and hardware testing for common vulnerabilities in both a black box and white box fashion, including fuzz testing
- Define, acquire/build, and implement security test frameworks that also enable software unit and feature testing
- Conduct security code reviews in a variety of languages
- Solve security design issues in conjunction with product engineers
- Build and deliver security training on secure development practices and threat modeling both internally and externally
- Define new security practices and tell the world about them
Required Skills & Experience
- 3-5 years of software security experience
- 3-5 years of software or firmware engineering experience
- Proficiency in Git and standard Linux/Mac development tools
- Proficiency in threat modeling
- Proficiency in code reviewing C/C++, Python, Java, and shell
- Familiarity with common software security practices, such as fuzz testing
- Experience with open source security tools
- Experience with Mac and Windows development
- Expertise in web security practices and common problems, including HTTP/REST
- Experience working with a geographically diverse team
Optional Skills & Experience
- Firmware development is a major plus
- Bachelor’s or master’s degree in Computer Science, Electrical and/or Computer Engineering, or similar fields; or equivalent experience
- Knowledge of FIDO U2F standard, smart cards, and cryptography is a major plus
- Experience developing solutions on Google Cloud, Azure, and AWS
- Scripting and test automation experience is a major plus
- Proficiency in code-reviewing Go, Rust, C#, or PHP
- Candidate must be able to travel to other offices in Silicon Valley and Seattle. Expected travel frequency is at least quarterly
- Start date: immediately
- Hours: full time
- Competitive salary + benefits + stock options
Yubico sets new world standards for simple, secure login, preventing unauthorized access to computers, servers, and internet accounts.
Founded in 2007, Yubico is privately held with offices in Stockholm, Seattle and Palo Alto. We are 50 employees working on the vision to enable internet users to have one single and secure key for securing access across from any device to any number of services.
We are looking forward to hear from you. Send your application with or without resume by clicking the button below!