Firmware Security Engineer
- Stockholm, Sweden
Yubico’s mission is to create a safer internet for everyone. Our core invention, the YubiKey, a hardware-based token, revolutionized secure logins for top Internet brands, including Google and Facebook, and for millions of users in 160 countries. Collaboration and innovation are at the core of our culture, as we expand to more advanced software and services for encryption and Internet of Things (IoT). We are a multinational, fast-growing company, offering an opportunity to bring your ideas to life with our global team.
Yubico seeks a Software Security Engineer to help build the next generation of products for a safer Internet.
The Product Security team is responsible for ensuring Yubico develops and maintains secure products and services. As part of the Product Security team, your primary responsibility will be to collaborate with the hardware and firmware teams to integrate solutions that support secure design and development practices. You will also employ a combination of static and dynamic analysis methodologies to identify and remedy complex vulnerabilities across our products.
If you are looking for a fun challenge, are passionate about security, and want to work at a security-oriented company, this opportunity is for you.
- Define and evangelize requirements and guidance for secure by design and secure by default principles
- Implement automation to prevent and detect security flaws in all phases of development
- Conduct design reviews and manual security assessments
- Lead training and awareness sessions
- Define and implement metrics to provide visibility into the impact of your work
- Define, lead, and influence processes to secure products and services
- Identify and advocate for new and novel uses of Yubico’s technology
- Ability to travel to Yubico’s other offices two times per year
Required Skills & Experience
- 3+ years in a product security role
- 5+ years of software development
- Proficiency in threat modeling
- Proficiency in C
- Knowledge of common vulnerability classes
Optional Skills and Experience
- Bachelor’s or Master's degree in Computer Science or similar fields
- Knowledge of WebAuthn, OATH HOTP, OATH TOTP, U2F, PIV, and/or OpenPGP
- Proficiency in C++ or Rust
- Experience developing for ARM
- Experience in targeted fuzzing and static code analysis
We are an equal opportunity employer, we value diversity and uphold an inclusive environment where all people feel that they are equally respected and valued. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, gender expression, age, marital status, religion, national origin, veteran or disability status. We'd love to learn about what you can add to our diverse team.
Personal data submitted through this form is used for the legitimate business interests of managing Yubico’s recruitment and hiring related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes.
Your personal data will be retained in compliance with Yubico’s record retention policies, as long as necessary for the purpose for which it was collected including the consideration for relevant future employment opportunities.
If you do not want us to reach out to you or use your information as described herein please contact us at firstname.lastname@example.org to let us know and we will delete all such information. Providing your personal data is voluntary, but necessary to join our talent community, and if you do not agree to provide your data, we will not be able to consider you as part of our talent community
As part of providing the requested service, we will transfer your data to be processed by Lever, Inc., a service provider contracted by Yubico AB and/or its subsidiaries that meets legally mandated privacy requirements.The Yubico Privacy Notice offers more information about Yubico privacy practices, including the lawful basis for processing of personal data, how to lodge a complaint with the supervisory authority, and how to contact Yubico to exercise your data subject rights.
Back to top