Product Security Engineer

March 5

Apply Now

Receive Emails with Similar Jobs

Inmar Intelligence

WebsiteLinkedInAll Job Openings

Inmar Intelligence is a company dedicated to using data and technology to empower brands, retailers, and healthcare companies to improve consumers' lives. They specialize in activating data to enhance shopper engagement through Martech solutions, optimize healthcare supply chains, and manage product returns efficiently. Inmar Intelligence integrates artificial intelligence to make data-driven decisions, helping to save shoppers money, improve healthcare safety, and reduce landfill waste. The company focuses on driving consumer loyalty, improving patient safety, and enhancing pharmaceutical returns, promoting a more sustainable and cost-effective environment for both businesses and consumers.

promotion management and settlement • digital promotion • promotion consulting • third party pharmacy receivables • reverse logistics

1001 - 5000 employees

Founded 1983

🤖 Artificial Intelligence

🛍️ eCommerce

📋 Description

• The Product Security Engineer is responsible for conducting comprehensive security assessments on various products, including mobile applications, IoT hardware/firmware, compiled software, and browser extensions. • This role involves identifying vulnerabilities, developing mitigation strategies, and collaborating with cross-functional teams to enhance security. • The engineer will use both offensive and defensive security tactics to safeguard products and manage third-party risk. • This role contributes to the organization's mission by safeguarding the supply chain and managing third-party risk. • Conduct comprehensive security assessments of mobile applications, IoT hardware / firmware, compiled software and browser extensions. • Perform reverse engineering and vulnerability analysis, and penetration testing to uncover security risks. • Analyze binary file formats (PE, ELF, Mach-O) and runtime behaviors for security flaws. • Review browser extensions and software plugins for security flaws and compliance with best practices. • Perform product data analysis to identify potential vulnerabilities and determine access scope. • Collaborate with cross-functional teams (e.g. - engineering, product, and security) to enhance security measures and improve resilience against cyber threats. • Develop and recommend mitigation strategies and risk profiles for identified vulnerabilities. • Document findings and communicate security recommendations to both technical and non-technical audiences. • Maintain organizational product inventory with security assessment status and secure configuration requirements. • Responsible for the production and maintenance of security documentation, such as bill of material repositories and analytical procedure guides.

🎯 Requirements

• Bachelors of Science in a related field, such as Computer Science, Electrical Engineering, or Cyber Security • 5-7 years of relevant experience in software exploitation, reverse engineering, malware analysis, or related field; or any equivalent combination of experience and training that provides the required knowledge, skills, and abilities needed to complete the primary job responsibilities • Proficient in using debuggers, decompilers, and disassemblers to analyze code for vulnerabilities across various CPU architectures, including ARM and RISC-V. • Strong understanding of binary file formats like PE, ELF, and Mach-O, enabling analysis of applications for security flaws • Skilled in low-level data extraction and analysis using tools like QEMU and Verilog to identify and verify vulnerabilities through emulation • Knowledgeable about Linux loaders, binary packing, and embedded systems tools such as BusyBox, binwalk, and u-boot • Experienced in capturing and analyzing network traffic, including using tools like tcpdump and Scapy to dissect proprietary protocols • Experienced in BOM enumeration and leveraging tools like CycloneDX for inventory and risk assessment. • Strong analytical and problem-solving skills, with a keen eye for identifying and mitigating security risks. • Excellent communication skills for documenting findings, providing security recommendations, and effectively disclosing vulnerabilities to technical and non-technical audiences.