Product Security Analyst
Overview
As a Product Security Analyst at Toradex, you’ll be responsible for the implementation, validation, and maintenance of security features in Toradex’s embedded software stack. That means hands-on, low-level work with bootloaders, Linux kernel security features, secure software updates and more.
We aim to make embedded software development easy and approachable, which means that our engineers have to go beyond just feature enablement. Your work will involve making the developer experience of working with low-level security features as smooth as it possibly can be. You’ll work on systems used in critical industries like healthcare, industrial automation, and robotics.
Responsibilities
Security feature enablement
Bring up security features on new hardware. Every new product we release, we strive to have a uniform, straightforward experience for enabling basic hardware security features like secure boot, ARM TrustZone/OP-TEE, and hardware-backed encryption.
System-level hardening
Toradex maintains Torizon OS, a secure, production-ready embedded Linux OS. Making sure that security features fit into the whole stack, and that configurations are secure-by-default for the most common and supported workflows is a key part of the job. Understanding how everything fits together is a must.
Vulnerability management
Monitor upstream CVEs, assess their impact on Toradex products and their likely impact on Toradex customers' products. Apply patches and mitigations. Help draft security advisories and write VEX documents. Work on and maintain internal tooling for vulnerability management.
Security testing and automation
Automate test coverage of security features. Familiarity with LAVA or other hardware-in-the-loop embedded testing methodologies and frameworks is a strong plus.
Note: You don’t necessarily need experience/expertise in all of these areas to apply, but some experience with at least two of these 4 areas would be a good indicator of fit.
Qualifications and Experience
Bachelor’s or Master’s degree in Computer Science, Electrical Engineering, Cybersecurity, or equivalent experience
Advanced communication skills in English, written and spoken
Available to work Hybrid from Toradex Office in Campinas/SP.
3+ years of experience in embedded systems security or adjacent areas (e.g. Linux security engineering)
Solid C/C++ coding and debugging skills
Experience with automating security checks in CI/CD pipelines
Knowledge of threat modeling/risk modeling methodologies and how they relate to regulatory and standards compliance is a plus
Knowledge of security evaluation and analysis tools like fuzzers and static analysis tools is a plus
Hands-on experience with bootloaders (e.g., U-Boot), kernel security features, and embedded Linux distributions/build systems (Yocto/OpenEmbedded, buildroot, etc.) is a plus
What we offer