Sr Prod Sec Eng - Devices

Optimum is a leading provider of Mobile, Broadband (DOCSIS, Fiber) and Video services in the United States for Business and Residential Customers. We are looking for a passionate and engaged individual who is willing to take on the challenge of scaling product security at a Fortune 500 company and building the cyber security foundation that will allow our development teams to Go Fast!

The Product Security organization helps Optimum move faster, securely. We're a team of engineers who work to enable other teams to build products as quickly as possible while continuing to protect our customers. We support developers in shipping secure code by building security tools and services, providing security training and expertise, and advocating for best practices in authentication, authorization, and safe data handling across the company.

As a Product Security Engineer focusing on embedded systems security for video, broadband, and Wi-Fi products, you'll be a trusted partner, collaborating closely with engineering and product teams to ensure security is a cornerstone of every product. You will partner with leadership to shape product strategy, advocate for strong security controls, and influence future product iterations, and serve as an industry expert in device security engineering practices and standards. By leveraging your deep industry knowledge, you'll lead the charge in implementing secure architecture and design principles, ensuring early detection and prevention of vulnerabilities. Your expertise in security assessments and software engineering will help identify and mitigate potential threats, while your mentorship and training efforts will foster a security-first culture.

• Collaborate with engineering and product teams to integrate security and secure-by-default guardrails into the product lifecycle, ensuring that security is a core consideration in all design and development decisions.
• Conduct Threat Modeling and Risk Assessments from the early stages of the product development lifecycle to identify, assess, and prioritize security risks, enabling proactive mitigation strategies.
• Perform rigorous security testing and reviews to uncover and address security weaknesses.
• Lead initiatives automating security processes from the developer workstation to cloud, SaaS, and datacenter environments.
• Foster a security-first culture by educating and empowering engineering and product teams through training, awareness campaigns, and mentorship, cultivating a strong security mindset.
• Stay updated on the latest security threats, vulnerabilities, and technology trends, and proactively implement improvements.
• Contribute to incident response efforts, investigate root causes, and implement corrective actions to minimize impact and prevent future occurrences.
• Conduct penetration testing, reverse engineering, and vulnerability research against firmware, hardware interfaces, and device software to surface real-world attack paths before adversaries do.
• Establish and operate Software Bill of Materials (SBOM) management, CVE triage, and coordinated vulnerability disclosure processes for connected devices throughout their lifecycle.
• Define and uphold secure-by-design requirements aligned to recognized IoT and embedded security standards (e.g., NIST IR 8259, ETSI EN 303 645, OWASP IoT Top 10).

• Bachelor's degree in Computer Science, Electrical Engineering, or a related field. Master's degree is a plus.
• 5+ years of hands-on experience in software engineering and designing and delivering security-critical systems for internet-connected embedded devices.
• Proven expertise in embedded systems and product security, with a strong understanding of modern software development processes and methods, security best practices, threat modeling, and risk assessment.
• Excellent communication skills, both written and verbal, and the ability to communicate complex security concepts to technical and non-technical audiences, including senior leadership.
• Proven ability to establish credibility and build trust with engineers and operational staff.
• Expertise in conducting comprehensive threat modeling, risk assessments, and code reviews to identify and mitigate vulnerabilities.
• Experience utilizing and securing AI/ML models and AI-integrated solutions, a general understanding of AI concepts, AI governance and risk management, and a willingness to learn more.
• Proficiency in secure SDLC practices and practical experience with CI/CD pipelines and DevOps tools.
• Experience overseeing vulnerability and threat management at the platform and device levels.
• Strong understanding of cryptography and key management use cases.
• In-depth knowledge of networking protocols, peripheral and firmware security, secure boot, embedded Linux security, Android or iOS security, and PKI.
• Experience working with special purpose security hardware such as Trusted Platform Modules (TPMs) and Hardware Security Modules (HSMs).
• Proficiency in C and C++ for embedded software development and one or more modern programming languages like Golang, Python, Node, and Java.
• Hands-on experience with hardware-level security testing techniques, including JTAG/SWD, UART, SPI/I2C debug interfaces, firmware extraction, fault injection, and side-channel analysis.
• Working knowledge of reverse engineering and analysis tooling such as Ghidra, IDA Pro, Binary Ninja, binwalk, QEMU, and common debuggers across ARM, MIPS, and RISC-V architectures.