Staff Security Engineer

The Staff Security Engineer will identify security risks within our IoT device ecosystem, communicate those risks to management, and assist with the mitigation efforts.  This role requires hands-on experience with reverse engineering, networking, operating systems, and programming. The ideal engineer will bring these skills to bear on complex IoT security challenges. The Senior Security Engineer will also document security policies and procedures and ensure they remain up to date with applicable industry standards and compliance requirements.

Responsibilities:

The Staff Security Engineer primary job responsibilities include:

• Perform IoT penetration testing, including firmware extraction, reverse engineering, and vulnerability discovery
• Perform security research, analysis, and testing via threat modeling, vulnerability assessment, penetration testing, and/or social engineering across a wide variety of applications, platforms and systems

• Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and application
• Oversee and manage the deployment, integration, and configuration of security solutions and enhancements to existing IoT infrastructure and the enterprise’s security documents
• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall IoT enterprise security
• Clearly outline and document risk impacts of test findings in reports
• Test, triage, and drive remediation of security issues reported by external parties
• Actively partner with infrastructure, application, product, and other stakeholders to ensure deployed solutions minimize security and privacy risks
• Other duties as assigned 

REQUIREMENTS

• B.A. or B.S. (or higher) in Computer Science, Electrical Engineering, or a related engineering program with strong academic performance preferred
• 10+ years of information security experience, with a strong focus on offensive security, penetration testing, or vulnerability research
• Prior experience performing security testing and assessment in IoT, embedded, or firmware based environments
• Working knowledge of embedded system design and constraints (development experience a plus, but not required)
• Familiarity with using hardware debugging equipment such as oscilloscopes, logic analyzer and other tools
• Familiarity with interface protocols such as UART, I²C, SPI, JTAG, and related tooling.
• Experience analyzing embedded Linux systems and firmware images.
• Familiarity with ARM CPU architectures with exposure to x86, RISC-V, or others as a plus
• Experience with reverse-engineering tools such as IDA Pro, Ghidra, and/or Binary Ninja
• Certification in one or more Information Security disciplines is preferred or ability to obtain certifications.
• Self-starter, analytical, tenacious problem solver
• Strong verbal and written communication skills for a highly collaborative environment
• Rigorous attention to detail and focus on quality of deliverables
• Proven team experience and comfort in a team-oriented environment
• Passion for working with technology and excitement for creating high quality consumer technology product
  

If you feel like you don’t meet all the requirements for this role, we encourage you to apply. We don’t want a few of them to get in the way of meeting a great candidate like you!

Please note that sponsorship of new applicants for employment authorization, or any other immigration-related support, is not available for this position at this time.

WHY WORK FOR ALARM.COM?

• Collaborate with outstanding people: We hire only the best. Our standards are high and our employees enjoy working alongside other high achievers.
• Make an immediate impact: New employees can expect to be given real responsibility for bringing new technologies to the marketplace. You are empowered to perform as soon as you join the Alarm.com team!
• Gain well rounded experience: Alarm.com offers a diverse and dynamic environment where you will get the chance to work directly with executives and develop expertise across multiple areas of the business.
• Community and Camaraderie: One of our core values is to 'Keep It Fun,' which to us means fostering a strong sense of community. Our culture is built on collaboration and connection, where we celebrate our successes and believe that a positive, engaging environment is key to doing our best work.
• Alarm.com values working together and collaborating in person. Our employees work from the office 4 days a week.

COMPANY INFO

Alarm.com is the leading platform for intelligently connected properties. Millions of homeowners and businesses rely on Alarm.com's technology to secure, monitor, and manage their environments from anywhere. Our comprehensive suite of solutions—including security, video surveillance, access control, active shooter detection, intelligent automation, energy management, and wellness—is delivered exclusively through a trusted network of thousands of professional service providers and commercial integrators across North America and worldwide. Alarm.com's common stock is traded on Nasdaq under the ticker symbol ALRM. Alarm.com delivers serious security for serious people.

For more information, please visit www.alarm.com.

COMPANY BENEFITS

Our total rewards package is designed to support you holistically—in your health, your finances, and your life outside of work. The package includes medical plans with company subsidies, a Health Savings Account (HSA) with a company contribution, and a 401(k) with an employer match. We encourage a healthy work-life balance with paid vacation that increases with tenure, paid holidays, wellness time, and paid maternity and bonding leave. To complete the package, we also provide company-paid disability and life insurance, all within a collaborative and casual work environment.

Alarm.com is an Equal Opportunity Employer

In connection with your application, we collect information that identifies, reasonably relates to or describes you ("Personal Information"). The categories of Personal Information that we may collect include your name, government-issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies. By submitting your application, you acknowledge that we may retain some of the personal data that you provide in your application for our internal operations such as managing our recruitment system and ensuring that we comply with labor laws and regulations even after we have made our employment decision.

Notice To Third Party Agencies:
Alarm.com understands the value of professional recruiting services. However, we are not accepting resumes from recruiters or employment agencies for this position. In the event we receive a resume or candidate referral for this position from a third-party recruiter or agency without a previously signed agreement, we reserve the right to pursue and hire those candidate(s) without any financial obligation to you. If you are interested in working with Alarm.com, please email your company information and standard agreement to RecruitingPartnerships@Alarm.com.