Product Security Lead Engineer Software

WHAT YOU DO AT AMD CHANGES EVERYTHING

We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences - the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.

AMD together we advance_

Product Security Lead Engineer

Job Description

As a Product Security Engineer, you will be responsible for ensuring the security of our software products throughout their lifecycle. You will work closely with development teams to integrate security best practices into the software development process and address potential vulnerabilities.

Key Responsibilities

• Serve as the engineering representative focused on security for internal stakeholders.
• Develop, implement, and advance security testing methodologies, including penetration testing and vulnerability assessments.
• Perform threat modeling and risk assessments to identify potential vulnerabilities in software applications.
• Monitor and analyze security incidents, providing recommendations for remediation and prevention.
• Stay current with industry trends, emerging threats, and security technologies.
• Conduct security training and awareness sessions for development teams.
• Conduct security code reviews and static/dynamic analysis to identify and remediate security flaws.
  
  
  

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 10-12 years of experience in software security engineering or a related field, with a focus on application security.
• Proficiency in scripting languages (especially Python).
• Familiarity with secure coding practices.
• Strong knowledge of security principles, practices, and frameworks (e.g., OWASP, NIST, etc.).
• Experience with security tools such as BlackDuck, SonarQube, and Coverity.
• Strong understanding of CI/CD pipelines, Github integration, and creating automation frameworks for SDLC.
• Familiarity with the software development life cycle (SDLC) and agile methodologies.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively in a fast-paced environment and manage multiple priorities.
• Ability to evaluate and score Common Vulnerabilities and Exposures (CVEs).
  
  
  

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or similar.
• Familiarity with product security concepts, including Secure Boot, FIPS compliance, etc.
• Experience contributing to CVEs.