Your day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.

You will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.

As a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.

You will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.

You will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.

You will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.

Preferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.

Work perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.

XML job scraping automation by YubHub

Your excellent presentation and communication skills enable you to interact effectively across teams and at various levels within the organisations. You thrive in collaborative environments, always ready to help others succeed.

Key Responsibilities:

• Designing, optimising and testing physical security architectures (and SW) for cryptographic implementations across all Security IP products.

• Coordinating with Security IP product development teams for in-depth and effective physical security assessment, and deployment of countermeasures.

• Coordinating, preparing and driving validation and certification projects for security IP products by external evaluation labs.

• Providing consulting to R&D and management on security risk analysis of security IP products and giving input for product road maps.

Impact:

• Improving the overall physical attack resistance of our security IP modules, mitigating known and unknown risks and threats.

• Obtaining product security certifications which demonstrate the quality and security of our security IP products to customers.

• Further driving the successful adoption of an overall physical security mindset in the security IP R&D teams and contributing to product development through collaborative input and valuable feedback.

• Establishing and elevating Synopsys' market position as a leader in security IP product.

Requirements:

• PhD degree (equivalent by experience) in Electrical Engineering, Computer Science, or a related field, with 5+ years of relevant working experience.

• In-depth knowledge of and experience in digital security implementations (and SW) in the broad sense.

• Hands-on experience with side-channel attacks and countermeasures, and fault-injection analysis and countermeasures.

• Advanced understanding of practical modern cryptography and cryptographic standards.

• Prior experience with validation and certification projects by evaluation labs is a plus.

• Experience with RTL development, embedded SW development and FPGA-based prototyping is a plus.

Team:

The security engineering team is part of the Security IP group which offers market-leading products and solutions for embedded security applications. You will be part of a worldwide dedicated sub-team focusing on physical security of all Security IP products.

XML job scraping automation by YubHub

What you'll do

As a Senior DevOps Engineer, you will be responsible for the following tasks:

• Own and continuously improve the DevOps toolchain for embedded software and software, from source control to release artifacts

• Design, implement, and operate reliable CI/CD pipelines for firmware build, test, and release

• Drive automation to ensure reproducible, traceable, and scalable firmware builds

What you need

To be successful in this role, you will need the following skills:

• Senior-level experience as a DevOps Engineer, ideally in embedded software environments

• Strong hands-on experience with CI/CD pipelines and automation

• Solid understanding of embedded software development constraints in consumer electronics

• Experience with automated testing, simulation, or abstraction techniques for embedded systems

• Strong understanding of embedded security concepts, including signing and controlled release processes

• Broad technical expertise across Linux systems, build environments, and development tools

• High degree of ownership, reliability, and independent working style

• Clear, pragmatic communication skills

• Familiarity with the consumer electronics or computer peripheral industry and its product lifecycles

XML job scraping automation by YubHub