Back to Jobs
951 Sandisk Dr, Milpitas, CA Hybrid Full-time 194,425.00-322,092.00

Sandisk is hiring a Product Security Assurance Architect

Responsibilities

  • Conduct independent technical security assessments of firmware-driven products, and embedded platforms to identify security gaps, attack paths, implementation weaknesses, and residual risk.
  • Assess the effectiveness and completeness of implemented security controls, security mechanisms, and architecture decisions from an assurance and exploitability perspective.
  • Evaluate trust boundaries, privileged operations, manufacturing pathways, debug capabilities, firmware update mechanisms, and product lifecycle transitions for potential security weaknesses.
  • Evaluate the quality, completeness, and realism of product threat models and challenge assumptions through attacker-informed analysis.
  • Conduct exploitability and attack surface analysis across firmware and embedded systems, including: secure boot and roots of trust, authentication and authorization controls, secure firmware update paths, manufacturing and RMA workflows, debug interfaces (UART/JTAG), provisioning and lifecycle security, cryptographic implementations and key management approaches.
  • Partner with engineering teams to recommend practical, risk-informed mitigations and compensating controls.
  • Advance secure development lifecycle (SDL) effectiveness across product teams by assessing security rigor, implementation quality, and evidence readiness.
  • Evaluate effectiveness of product security activities including: threat modeling, secure coding practices, SAST and static analysis, SBOM and dependency management, vulnerability scanning, fuzzing and penetration testing, compiler hardening and secure build configurations, security validation evidence.
  • Help establish scalable assurance methodologies and minimum expectations appropriate to product risk and business objectives.
  • Partner with adversarial security engineering and product teams to evaluate realistic attack scenarios and challenge defensive assumptions.
  • Assess firmware attack surfaces and identify practical attack paths against embedded systems and storage products.
  • Translate security findings into durable engineering guidance and portfolio-wide lessons learned.
  • Partner with PSIRT and product teams to identify recurring vulnerability patterns and systemic product security weaknesses.
  • Translate security incidents, vulnerability trends, and field learnings into improvements in secure development and security assurance practices.
  • Support risk assessment and remediation prioritization for significant product security issues.
  • Support customer-facing technical security inquiries, security assessments, and product assurance activities.
  • Provide technically grounded assessments to support customer security questionnaires, product evaluations, and audit activities.
  • Strengthen product readiness for evolving security expectations, regulatory obligations, and industry cybersecurity frameworks.
  • Support executive and product leadership in understanding product security posture and residual risk.
  • Partner closely with: Platform Security Architects, Firmware Engineering, ASIC and hardware teams, Product Engineering, Quality and Validation, PSIRT, Product Security Assurance, External security assessment partners.
  • Drive outcomes through technical influence, collaboration, and pragmatic risk-based decision making.

Requirements

  • Independent technical security assessment experience
  • Exploitability and attack surface analysis across firmware and embedded systems
  • Evaluation of security controls, trust boundaries, privileged operations, manufacturing pathways, debug capabilities, firmware update mechanisms, and product lifecycle transitions
  • Threat modeling and attacker-informed analysis
  • Secure development lifecycle (SDL) assessment and improvement
  • Familiarity with secure boot, roots of trust, authentication, secure firmware updates, cryptographic implementations, key management
  • Experience with SAST, SBOM, dependency management, vulnerability scanning, fuzzing, penetration testing
  • Compiler hardening and secure build configurations
  • Security validation evidence evaluation
  • Cross-functional collaboration with engineering, firmware, ASIC, validation, and incident response teams
Required Skills
Penetration Testing
About company
Sandisk
Sandisk innovates in Flash and advanced memory technologies, delivering solutions that enable digital world needs with groundbreaking memory products recognized globally for performance and quality.
All jobs at Sandisk Visit website
Job Details
Department Software Development (Sys)
Category other
Posted 2 days ago