Product Security Engineer

Yubico’s mission is to create a safer internet for everyone. Our core invention, the YubiKey, hardware-based token, revolutionized secure logins for top Internet brands, including Google and Facebook, and for millions of users in 160 countries. We are seeking experienced Product Security Engineers to join our team and help create the next generation of security products.

The Role

Your assignment, should you choose to accept it, is to break our products before someone else does and introduce processes and tools internally to ensure it will never happen again.

You will collaborate with hardware, firmware, and software engineers to solve unique security challenges in everything from the latest YubiKeys and HSMs to web services. If you are looking for a fun challenge, are passionate about usable security, and want to work at a fast-moving company, this opportunity is for you! In this role you will be able to:

  • Work with a wide range of technology – from hardware to Web services
  • Build tools that help the engineering organization and your team
  • Make a visible impact on security of Yubico Products
  • Work collaboratively with your team and other engineering teams to solve problems

Roles and Responsibilities

  • Provide security guidance to our hardware, firmware, and software engineers
  • Conduct security testing for software and hardware
  • Conduct security code reviews in a variety of languages
  • Work with other engineers to design secure products
  • Work across the engineering organization to improve software development practices with a combination of automation and process improvement

Required Skills & Experience

  • 3+ years working with products and services to improve security for customers
  • Proficiency in threat modeling
  • Proficiency in code reviewing C/C++, Python, and Java
  • Proficiency in scripting and programming
  • Knowledge of common software security issues such as OWASP top 10

Optional Skills and Experience

  • 3-5 years of software development or firmware engineering experience either as a developer or as a security engineer
  • Firmware or hardware engineering experience
  • Bachelor’s or master’s degree in Computer Science, Electrical and/or Computer Engineering, or similar fields
  • Knowledge of WebAuthn, OATH HOTP, OATH TOTP, U2F, PIV, and/or OpenPGP
  • Experience developing solutions on Google Cloud, Azure, or AWS
  • Proficiency in code-reviewing Go, Rust, C#, or PHP
  • Experience in targeted fuzzing and static code analysis

Job Details

  • Candidate must be able to travel to Silicon Valley and Seattle preferably two times per year
  • Start date: immediately
  • Hours: full time
  • Competitive salary + Bonus + Benefits + Stock options

Excerpt

Stockholm, Sweden – Yubico seeks a Product Security Engineer to help build the next generation products for a safer Internet.

About the Company
Yubico’s mission is to create a safer Internet for everyone. Our core invention, the YubiKey, secures logins for 9 of the top 10 internet brands, including Google and Facebook, and for millions of users in 160 countries. Collaboration and innovation are at the core of our culture, as we expand to more advanced software and services for encryption and Internet of Things (IoT). We are a fast growing, profitable, and multinational company, offering an opportunity to bring your ideas to life with our global team.
Please apply here.
Yubico is an affirmative action employer and is committed to the practices of equal opportunity and affirmative action in all aspects of employment.