Embedded Security Engineer

Location: US, MA - Framingham

Time Type: Full time

Job Description

At Bose Corporation, we believe sound is the most powerful force on earth — and for over 60 years, we have been a company built on innovation, excellence, and independence. Privately owned, fiercely customer-focused, and driven by our values, we continue to lead industries and transform lives through sound. 

  

Today, Bose Corporation is entering an exciting new era. Across multiple global Business Units and Global Functions, we are shaping the future of audio technology, automotive, luxury, and premium experiences. We invite you to join us in this transformation. 

Job Description

Join the future of product security at Bose

At Bose, security and stability are the two pillars of our product innovation. We are seeking for a Security Engineer to support the security initiatives for our consumer electronics products. You will play a central role in product security, and have the ability to improve the product security program to meet higher level enterprise security objective. With new products launching every year, there is a constant need to ensure security in our on-the-go and in-the-home platforms. The ideal candidate has extensive secure software development experience in a fast-paced, agile product environment. Join our product security team to power the next wave of innovation at Bose.

Principal Duties and Responsibilities

As a Security Engineer, you will work as an integral part of the Product Security team to embed security practices into every aspect of the secure development pipeline. Our development philosophy is to enable developers to write secure code faster. 

Responsibilities for this job include:

• Architecting and designing products to guarantee secure practices, data confidentiality, system integrity 

• Engineering and implementing ARM Trust Zone secure applets, implementing a cryptographic IOT device identity and root of trust

• Streamlining secrets, key management, cryptography, and credential management

• Defining Security requirements and conducting security assessments

• Architect and implement protections for intellectual property, including anti-reverse engineering, secure firmware distribution, and debug interface lockdown

• Ensure compliance with applicable security regulations and standards (e.g., EU CRA, ETSI EN 303 645, NIST) and support audits and certifications

• Advising engineering peers on security matters in the form of architectural guidance, code/design reviews, and solution development 

• Improving vulnerability discovery, patching process, and leading responses to external security threats

• Code independently with minimal oversight and design system architecture with guidance 

• Collaborating with cross-functional teams like product firmware, devops, cloud engineering, manufacturing, and program management.

• Performing security testing on products and supporting with the security fix implementations

• Designing and maintaining private X.509 and JWK chains of trust used for validating authenticity of portable audio devices 

• Stay up-to-date on security news, relevant technologies, plug into user groups, understand trends and security opportunities

• Be a stakeholder on interdisciplinary teams advocating for security 

Qualifications

• Experience developing for embedded systems and Linux platforms in C, C++ 

• Strong knowledge of cryptographic theory and engineering including encryption, hashing, signing, digital certificates and hardware security modules (HSMs) 

• Building internal security applications with cryptographic guarantees such as firmware encryption and signing, custom developer enablement tools, secure asset provisioning, etc. 

• Experience aligning embedded product security practices with regulatory and compliance requirements (EU CRA, NIST, ISO 27001, IEC 62443 or similar frameworks)

• Experience implementing IP protection and anti-tamper mechanisms in embedded systems, including secure boot enforcement, firmware encryption, and hardware debug port protection

• Experience mitigating dependency or code-level defects including memory-management issues, input validation, timing attacks, broken authentication, side channels. 

• Experience with computer networking with a focus on security and IOT applications 

• Bachelor's degree in Computer Science, or equivalent. A master’s degree is beneficial

• 6 or more years of industry experience working in firmware development with a focus on security. An advanced degree can contribute towards experience

What you can expect at Bose

• Working with wicked smart, super cool people

• A business commitment to security, stability, and quality

• Competitive salary, benefits, and pension

• A culture of excellence, respect, opportunity and passion for innovation

At Bose, you're inspired to be and do your best and are rewarded for your unique talents! Our compensation is thoughtfully tailored to your skills, experience, education, and location, and goes beyond base salary. The hiring range for this position in the primary work location of Framingham, Massachusetts is: $142,600-$196,000.The hiring range for other Bose work locations may vary. In addition to competitive base pay we offer rewards including bonus programs, comprehensive health and welfare benefits, a 401(k) plan, plus exclusive perks designed to support your wellbeing, and a generous employee discount where you can immerse yourself in our products and experiences. We are a proudly independent company—driven by purpose, guided by our values, and united by a belief in the power of sound. As the world leader in audio experiences, we’re creating what’s next—pushing boundaries and delivering transformative sound experiences for people everywhere. Join us and make your next career move a mic-drop. Let’s Make Waves.

‎

Bose is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. The EEOC’s “Know Your Rights: Workplace discrimination is illegal” Poster is available here: https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf. Bose is committed to providing reasonable accommodations to individuals with disabilities. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to [email protected]. Please include "Application Accommodation Request" in the subject of the email.

‎

Our goal is to create an atmosphere where every candidate feels supported and empowered in the interviewing process. Diversity and inclusion are integral to our success, and we believe that providing reasonable accommodation is not only a legal obligation but also a fundamental aspect of our commitment to being an employer of choice. We recognize that individuals may have different needs and requirements based on their abilities, and we provide reasonable accommodations to ensure ideal conditions are met during the application process.