Product Security Assurance Architect

Benefits

Additional Information

Sandisk's Product Security Engineering & Assurance (PSEA) organization is seeking a highly experienced Product Security Assurance Architect to strengthen security assurance across SanDisk's firmware-driven products and storage platforms. This role is responsible for advancing product security through independent technical security assurance, exploitability analysis, adversarial security assessment, and product security lifecycle effectiveness across the portfolio. Working in close partnership with Platform Security, product engineering, firmware, ASIC, validation, and PSIRT teams, this position focuses on evaluating the effectiveness, completeness, and defensibility of implemented security controls and product security posture, helping ensure products are resilient against realistic threats and aligned with customer, business, and regulatory expectations. This role is distinct from embedded product security architecture and implementation functions. Product and Platform Security teams remain responsible for defining and implementing security architectures within products. This role focuses on independent technical assurance, attacker-informed analysis, security lifecycle maturity, and scalable product security risk reduction across the portfolio. Essential Duties and Responsibilities: Product Security Assurance & Technical Assessment Conduct independent technical security assessments of firmware-driven products, and embedded platforms to identify security gaps, attack paths, implementation weaknesses, and residual risk. Assess the effectiveness and completeness of implemented security controls, security mechanisms, and architecture decisions from an assurance and exploitability perspective. Evaluate trust boundaries, privileged operations, manufacturing pathways, debug capabilities, firmware update mechanisms, and product lifecycle transitions for potential security weaknesses. Threat Modeling & Exploitability Analysis Evaluate the quality, completeness, and realism of product threat models and challenge assumptions through attacker-informed analysis. Conduct exploitability and attack surface analysis across firmware and embedded systems, including: secure boot and roots of trust, authentication and authorization controls, secure firmware update paths, manufacturing and RMA workflows, debug interfaces (UART/JTAG), provisioning and lifecycle security, cryptographic implementations and key management approaches. Partner with engineering teams to recommend practical, risk-informed mitigations and compensating controls. Security Lifecycle Assurance Advance secure development lifecycle (SDL) effectiveness across product teams by assessing security rigor, implementation quality, and evidence readiness. Evaluate effectiveness of product security activities including: threat modeling, secure coding practices, SAST and static analysis, SBOM and dependency management, vulnerability scanning, fuzzing and penetration testing, compiler hardening and secure build configurations, security validation evidence. Help establish scalable assurance methodologies and minimum expectations appropriate to product risk and business objectives. Adversarial Security Assessment Partner with adversarial security engineering and product teams to evaluate realistic attack scenarios and challenge defensive assumptions. Assess firmware attack surfaces and identify practical attack paths against embedded systems and storage products. Translate security findings into durable engineering guidance and portfolio-wide lessons learned. Security Incident & Vulnerability Feedback Partner with PSIRT and product teams to identify recurring vulnerability patterns and systemic product security weaknesses. Translate security incidents, vulnerability trends, and field learnings into improvements in secure development and security assurance practices. Support risk assessment and remediation prioritization for significant product security issues. Customer, Regulatory & Executive Security Assurance Support customer-facing technical security inquiries, security assessments, and product assurance activities. Provide technically grounded assessments to support customer security questionnaires, product evaluations, and audit activities. Strengthen product readiness for evolving security expectations, regulatory obligations, and industry cybersecurity frameworks. Support executive and product leadership in understanding product security posture and residual risk. Cross-Functional Collaboration Partner closely with: Platform Security Architects, Firmware Engineering, ASIC and hardware teams, Product Engineering, Quality and Validation, PSIRT, Product Security Assurance, External security assessment partners. Drive outcomes through technical influence, collaboration, and pragmatic risk-based decision making. Required: Bachelor's, Master's, or PhD degree in Computer Science, Electrical Engineering, Computer Engineering, Cybersecurity, or a related technical fiel

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Sandisk? Share your experience