Sr Product Security Engineer

Company: Forterra, Inc.

Location: Clarksburg, MD 20871

Description:

About Forterra

Forterra is a leading provider of autonomous systems for ground-based movement in the working world. Amongst some of the earliest innovators in the field of driverless technology, Forterra is focused on building systems that protect front-line soldiers and enable civilian workers in our industrial base. Forterra is the go-to provider of ground autonomy solutions for the U.S. Department of Defense, which harnesses the technology for asymmetric warfare in critical conditions.

About the role

Forterra is seeking an experienced Product Security Engineer to join our team and support the development of secure autonomous systems.

What you'll do

  • Provide domain expertise and contributions within a team of product security engineers.
  • Collaborate with engineers from other cross-functional groups such as systems, safety, and test to ensure product and program level needs are met.
  • Develop security artifacts and required documentation to provide evidence of rigor in accordance with relevant standards.
  • Ensure that security requirements are clearly defined, implemented and traceable.
  • Audit embedded code to identify security vulnerabilities.
  • Work with product and engineering teams to identify, implement, and advance security with our products.
  • Lead product security initiatives and serve as a subject matter expert (SME).
  • Carry out risk assessments to prioritize threats and compare mitigation strategies.
  • Conduct penetration tests and risk assessments in an automotive, industrial or disconnected environment.
  • Work with Forterra engineers, vendors, and partners to drive vulnerability remediation.
  • Perform activities such as sprint planning, task delegation, roadmap refinement and identifying markers of success.


What We're Looking For:

  • Ability to write security requirements and communicate them to other engineering teams.
  • Demonstrated skill in hardware and software security, including a track record of identifying and mitigating high-impact vulnerabilities.
  • Experience with software supply chain risk management and SBOMs.
  • Familiarity with ISO/SAE 21434, NIST 800-218, NIST 800-53, and NIST 800-37.
  • Knowledge and practical experience with the Risk Management Framework (RMF) for cybersecurity compliance and assessment.
  • Strong communication skills, both written and spoken.
  • Demonstrated ability to deal with ambiguity and to learn new technologies quickly.


What We Need:

  • BS in Computer Science, Computer Engineering, Information Security, Electrical Engineering or proof of exceptional skills in related fields, with practical software engineering experience.
  • 4+ years of work experience as a Product Security Engineer or related role.

What We Love to See:

  • Advanced degree in a technical or engineering discipline.
  • Familiarity with NHTSA Cybersecurity Best Practices and UNECE R155.
  • Experience with disassemblers and/or reverse engineering.
  • Experience with fuzzing, buffer overflows, and other common exploit methodologies.
  • Penetration testing certification (OSCP, Pentest+, GPEN).
  • Security expertise in one or more of: C, C++, Python, ARM, x86, CAN, CAN/FD, cryptography, disconnected systems, exploit development.
  • Experience with Secure Software Development Lifecycle (SSDLC) processes and methodologies.
  • Proficiency in working with Linux operating systems, including system administration and shell scripting.
  • Familiarity with Department of Defense (DoD) Security Technical Implementation Guides (STIGs), particularly DISA STIG compliance.
  • Hands-on experience supporting or leading the Authorization to Operate (ATO) process, including preparation of security documentation and coordination with authorizing officials.
  • Active U.S. Government security clearance (Secret or higher) or the ability to obtain and maintain a clearance.


Work Location:

Clarksburg, MD

Pay Range:

US Salary Range
$120,000-$155,000

The salary range for this role is an estimate and is based on a wide variety of compensation factors. The salary offered to candidates will vary based on a variety of factors including (but not limited to) relevant work experience, education, specialized training, critical expertise, and more. Equity in Forterra is included in most of our full-time, high-demand roles and is therefore considered part of Forterra's overall compensation package. In addition to base salary and equity, Forterra offers competitive benefits for full-time employees including:

  • Premium Healthcare Benefits: Three plan options, including an HSA-eligible plan, with Forterra covering 80% of the plan premium for you and your dependents.
  • Basic Life/AD&D, short and long-term disability insurance plans 100% covered by Forterra, plus the option to purchase additional life insurance for you and your dependents.
  • Extremely generous company holiday calendar including a winter break in December.
  • Competitive paid time off (PTO) offering 20 days accrued per year.
  • A minimum of 7 weeks fully paid parental leave for birth/adoption.
  • A $9k annual tuition reimbursement or professional development stipend.
  • Fully stocked beverage refrigerators with all the Celsius your little heart desires.
  • 401(k) retirement savings plan, including traditional, Roth 401(k), and after-tax deferral with company match up to 4%.

Your recruiter will be able to share more information about our salary and benefits offering during the hiring process.

Forterra is an equal-opportunity employer, providing and promoting equal employment opportunity in accordance with local, state, and federal laws. Forterrans are unique, talented individuals who are united through a shared passion to deliver autonomous systems that enable national resilience and a robust supply chain. All qualified applications will receive equal consideration for employment.

The pay range for this role is:

120,000 - 155,000 USD per year (ARC)
