Remote job description
Bringing self-driving vehicles to our roads is the most transformative opportunity of our generation. Aurora is taking a fresh start with the development of self-driving technology, combining excellence in AI, rigorous engineering, and a team with decades of experience building robots that work.
Led by a team of seasoned experts, our mission is to deliver the benefits of self-driving technology safely, quickly, and broadly. We are designing the software and hardware to power the transportation of our future that will make our roads safer, give more people access to mobility, and reduce congestion and pollution in cities - improving the quality of life for all. The challenge in what we are endeavoring to achieve is transcendent; we are developing perhaps the world's most complex computing system and asking it to perform the task of transporting and keeping safe our most precious asset: human life.
Aurora hires people who are excited to build the future of transportation.
Role
Aurora's Product Security team's mission is to design security into all software, hardware, and services developed by Aurora.
Our team is responsible for the secure design and implementation of technology built for the onboard vehicle platform and the cloud services with which the vehicle communicates. In addition to performing architecture reviews, building threat models, executing code reviews, and fuzzing Aurora's products, we also perform vendor security assessments, manage externally reported security vulnerabilities, and perform red teaming exercises.
- We are searching for an experienced application security engineer to join us on this mission.
- Job level is negotiable based on experience. Remote work is approved for US-based employees, including for post-pandemic.
Responsibilities
- Perform architectural design reviews of software, hardware, and services
- Create threat models for Aurora's products
- Review code written by Aurora's software engineers and discover vulnerabilities in implementation
- Execute dynamic penetration testing on Aurora's software, hardware, and services
- Develop scripts and tools to assist with security assessments, and to automate security scans
- Assist development teams in driving their secure SDLC
- Perform vendor security assessments to determine the security posture of prospective vendors
- Assess the security of third-party applications to ensure they can be trusted to handle Aurora's data
Essential
- Experience performing architectural design reviews and finding security risks based on design documents, architectural diagrams, and threat models
- Experience performing code reviews and finding vulnerabilities in proprietary code written in low-level languages (such as C/C++) and high-level languages (such as Python and Golang)
- Experience performing dynamic testing of software and services
- Solid understanding of the CWE Top 25 and OWASP Top Ten
- Ability to assess the risk of given vulnerabilities, recommend mitigations, and review developers' fixes
- Ability to write scripts and tools to assist with security automation
- Ability to communicate effectively with technical and non-technical audiences
- Minimum 8 years of experience in the information security space
Desirable
- Foundational knowledge of firmware security and hardware security, specifically in the automotive space
- Foundational knowledge of cryptography and network security protocols such as SSL/TLS
- Experience creating threat models
- Experience performing dynamic testing of hardware
- Experience with fuzzers such as boofuzz and honggfuzz
- Experience writing and reviewing Terraform code
- Ability to write production-quality code that can be included in our public-facing products
- Foundational knowledge of cloud security, specifically AWS
- Experience with TPM security and trusted boot
- A history of giving back to the security industry via open source contributions, published papers, or conference presentations
Working at Aurora
Our work has real purpose. Delivering the benefits of self-driving will save lives around the world, expand access to transportation, revitalize cities, and give people time back every day.
We're one team. We're inspired by the challenge of what we're solving and the impact our work will have on society. Our camaraderie is built on respect for our work and the fundamental belief our success will be a result of working together.
The founding team
Aurora has assembled the most experienced leadership team in the space. Chris Urmson helped lead Carnegie Mellon's efforts in Darpa's Grand Challenges, then was a founding member of Google's self-driving team. Sterling Anderson worked on the tech at MIT before leading Tesla's Autopilot system. Drew Bagnell, also a Carnegie Mellon alum, is a machine learning expert who helped build Uber's autonomy effort. At Aurora, these three continue to bring experts from all areas of the industry to the team. We are funded by Amazon, T Rowe Price, and some of Silicon Valley's best venture capital firms, including Sequoia, Greylock and Index Ventures.
Summary
Aurora
Senior Application Security Engineer
Tags: hardware, mobility, software
-
location or timezone
-
category
DevOps and SysAdmin -
posted
1168 days ago
https://www.remote.io/remote-devops-and-sysadmin-jobs/senior-application-security-engineer-12301