R&D Principal Software Engineer - Security Engineering

Job Description:

The Elevator Pitch: Why will you enjoy this new opportunity?

VMware by Broadcom products and services are trusted by various organizations for their mission critical systems. Many of these systems demand the highest confidentiality and are of extreme interest to nation state actors. The vSECR team within the VCF (VMware Cloud Foundation) Division at Broadcom is responsible for defending these products, services and their supply chains.

If helping find and fix security holes in these systems is your idea of a fun career, then you should come join this team. Working alongside other highly motivated and capable security engineers you will get first-hand experience in modern threats, attack, and defense techniques.

Success in the Role: What are the performance outcomes over the first 6-12 months you will work toward completing?

Security Engineers on this team are responsible for finding new vulnerabilities in VMware products and services, assessing threats, analyzing externally reported vulnerabilities, developing PoC exploits, utilizing exploit kits, providing vulnerability mitigations, virtual patches, workarounds and fix recommendations. They achieve this by performing feature security reviews, baseline security tests, fuzzing, reviewing/writing code, security tool development/integration, security architecture and other techniques.

In the first 6mths, you will be expected to become intimately familiar with the products/components and supply chain security concerns assigned to you. You should also be able to perform architecture reviews, assess threats, and perform security testing to find and fix security gaps in those components in collaboration with a member of your team. Within 1yr, you are expected to be fairly independent in doing product and supply chain security assessments as well as driving mitigations/remediations with product and service development teams.

The Work: What type of work will you be doing? What assignments, requirements, or skills will you be performing on a regular basis?

• Perform security architecture reviews for both our products, services and supply chain components like build/release pipelines, component sourcing, etc
• Methodically create/execute feature and system test plans and automate your efforts
• Perform an offensive analysis of VMware products and cloud services, with an assumed breach mindset and create formal threat models
• Use your code reading and writing skills to discover security defects as well as enable developer efficiency
• Perform RCCA and present on high profile vulnerabilities to executive staff
• Monitor and develop intelligence sources to maintain situational awareness of the cyber threat landscape
• Make entire kill-chain understandable for an engineering audience
• Proficient in Python and at least one of C/C++ or Java
• Bachelor's degree in Computer Science or related field and 12+ years of related experience or Masters degree in Computer Science or related field and 10+ years of related experience.