Samsung Semiconductor, Inc.
Engineering - Software • San Jose, California
Senior Manager/ Security Architect
Location: San Jose, CA
Our Team: The Samsung ARTIK security architecture team is a team of highly seasoned hands-on architects responsible for defining technical strategy, architecture, detailed requirements, protocols and solutions for our IOT platform security and then work with engineering and program management for their implementation. We are also responsible for researching, evaluating and introducing latest technology such as blockchain and machine learning into our offering. The security team is also responsible for managing existing vulnerabilities as well as proactive "security by design" approach in all aspects of ARTIK, from HW and SW to connectivity and cloud.
You: You are an experience hands on security architect, with a can do and will do attitude, and a strong communicator that is in relentless evangelistic pursuit of security. You are good at coding and SW security, have strong understanding of security protocols and systems, good understanding of cryptography and and love to find, define and solve problems by finding solutions in industry, academia, startups or inventing new solutions yourself and bring them inside.
- Understand issues and specify hardware/embedded security solutions, such as secure/ verified boot, key provisioning, Trusted execution, Device SW/ SDK to HW security interaction/ API. Investigate and evaluate latest trends from industry
- Define requirement and specifications for security for IOT solutions, such as device management, FW update, Cloud connectivity, device onboarding, identity management and data access control
- Educate engineering on Application and Software security requirements, testing and incident response matters. Work to establish process for integration of the tools with the build and QA process. Help out with incident response on matters related to OS and application SW.
- Assist or perform security vendor/ partner selection and propose way forward
- Minimum 3-5 years as system security architect or related roles, responsible for analyzing and specifying security architectures and protocols
- Experience with/ deep understanding of of security protocols and standards such as TLS, PKI, key management, identity and authentication for entities and data (e.g. REST API w OAUTH), preferably hands experience with crypto tools such as openSSL
- Good understanding of how to use common cryptographic algorithms such as RSA, AES, ECDSA
- Experience with device security concepts, such as ARM Trustzone/TEE, secure storage, secure boot, HW security APIs,
- Operating system security (Linux and preferably RTOS) and embedded system software security
- Good communications (verbal and written) skills to write technical specifications for engineering team and patience to educate developers, product management to drive security agenda,
- Familiarity with Blockchain smart contract and proof of stake mechanisms
- Threat modeling, creating web application security requirements and identifying web application vulnerabilities (minimum OWASP up to ASVS), experience with SAST and pen testing tools, and their integration with SW development (agile is plus) process and tools
- Knowledge of AWS/ cloud security concepts in particular related to data at rest protection
- Experience with setting and managing incident response or security policy.
- Knowledge of compliance frameworks such as HIPAA, PCI, SOC, FedRamp
The Samsung Strategy & Innovation Center (SSIC) is Samsung's global network of innovators, technologists, investors, and makers. It was launched in 2013 by the President and Chief Strategy Officer of Samsung Electronics with a mission to incubate and build world-class capabilities for existing and new businesses. Our approach is unique and open, we develop and accelerate groundbreaking technologies by working in collaboration with entrepreneurs and other strategic partners, and through early-stage and growth investments (Catalyst Fund and Samsung Ventures), which are committed to discovering solutions for connected devices. We are located in San Jose, CA and have offices in San Jose, Tel Aviv, London, Paris and Seoul.