The Role
The Arm Product Security Incident Response Team (PSIRT) is looking for a highly motivated, experienced addition to their team, to help deliver on Arm's commitment to coordinated vulnerability disclosure (CVD) and navigate the ever-changing landscape of product security. Growth in this area has created an opportunity join a highly visible and dynamic team at the cutting edge of technology.
Job Overview:
This role is based within the Arm PSIRT and is responsible for managing security vulnerabilities and incidents related to Arm's products and services. We continuously monitor for threats, assess vulnerabilities, coordinate incident response, and facilitate remediation. We also prioritise risks and maintain transparent communication with partners and the community regarding security issues. Arm is committed to maintaining industry-leading product security based on continuous improvement of our organisation's security posture through investments into culture and process.
Responsibilities:
1. Day-to-day handling of suspected and confirmed vulnerabilities in Arm's portfolio of products using the established incident response process
2. Support Arm's engineering teams with analysis of reported vulnerabilities, including impact and severity assessments
3. Lead the development of Arm's vulnerability monitoring capabilities using internal and external sources
4. Liaise with Arm's engineering teams to facilitate the responsible disclosure of product security vulnerabilities
5. Engage with ecosystem peers across engineering and security teams to continuously improve Arm's product security processes based on growing industry expectations
Required Skills and Experience :
6. At least 2 years prior experience in a PSIRT or similar security function
7. Bachelor's or higher in a related field or equivalent experience
8. Excellent English written and verbal communication skills with a customer focus and ability to communicate vulnerabilities to a technical level
9. A good understanding of software, hardware, network, and system security
10. A good understanding of common classes of vulnerabilities and attack methodologies
11. Ability and willingness to expand security knowledge into various product spaces
“Nice To Have” Skills and Experience :
12. Experience with security research in products and ability to apply that knowledge to product security incident response
13. Experience in software vulnerability management and SDL practices
14. Prior engagement in working groups or similar with these key bodies FIRST, MITRE, CERT
15. Experience with ticket management systems such as Jira
16. Experience with incident management tooling
17. Experience with scripting languages, such as python
18. Familiarity Arm's technologies and/or semiconductors/compilers/firmware
In Return:
The Arm PSIRT is a growing and evolving team with senior management visibility and responsibility for business critical processes. Members of this team will be exposed to upper management, having the opportunity to build both internal and external connections including with Arm's partners and collaborators.
#