TL;DR
Senior Principal Engineer, Product Security (Cybersecurity): Responsible for designing, developing, and maintaining secure software products across hirify.global's portfolio, with an emphasis on architectural influence over hardware/software interfaces, threat modeling, and SDL management. Focus on supporting security audits, defining supply chain security, and improving vulnerability management practices.
Location: Santa Clara, CA. Applicants must be eligible to access export-controlled information as defined under applicable U.S. law, typically requiring U.S. citizenship, lawful permanent residency, or protected individual status.
Salary: $168,920–$253,000 per annum
Company
hirify.global develops semiconductor solutions for data infrastructure, enabling enterprise, cloud, and AI markets globally.
What you will do
- Architect and influence current and future hardware and software designs, including HW/SW interfaces and algorithms.
- Generate and drive threat models for software components and products overall.
- Collaborate with customers to understand their security requirements for products.
- Manage the Security Development Lifecycle (SDL) for software and solutions.
- Support security audits and compliance (software vulnerabilities, fault injection, penetration testing).
- Define and coordinate supply chain security, including code/artifact signing and traceability.
- Work with the Vulnerability Management (PSIRT) team to improve best practices for identifying and mitigating product security vulnerabilities.
Requirements
- Bachelor’s degree in Computer Science, Electrical Engineering, or related fields with 10-15 years of experience, or Master's degree with 5-10 years of experience.
- Proven experience as a senior technical leader with strong communication skills.
- Deep knowledge of product security from a software perspective, with hardware knowledge preferred.
- Ability to drive product security requirements and processes across multiple markets.
- Experience with threat modeling across diverse software projects and identifying threats in modules.
- Strong understanding of encryption and authentication algorithms (e.g., AES, PQC, SHA, Caliptra, SPDM, DICE, TLS, TDISP).
- Experience with Linux-based systems and embedded firmware development.
- Solid understanding of C/C++ and Rust.
- Familiarity with Security Development Lifecycle (SDL) and ability to drive its adoption.
- Understanding of hardware-based root of trust, including provisioning flows and secure key management.
- Applicants must be eligible to access technology and/or software subject to U.S. export control laws.
Nice to have
- Experience with product and supply chain vulnerability management.
- Background in conducting security audits and ensuring compliance with relevant standards.
- Familiarity with a range of product types, from large silicon compute devices to small embedded cable connectivity devices.
- Awareness of open-source security frameworks and customer expectations around transparency.
Culture & Benefits
- Comprehensive total compensation package including base, bonus, and equity.
- Health and financial wellbeing benefits, including flexible time off and 401k.
- Additional perks like a year-end shutdown, floating holidays, and paid time off to volunteer.
- Commitment to fair and authentic hiring practices.
- Strict policy against using AI tools (e.g., ChatGPT) during interviews.