Job Title:

Firmware Security Engineer

Business Area:

Engineering & Design

Location:

Lexington, KY USA

Job ID:

141465

Firmware Security Engineer

Lexmark is seeking an exceptional Security Engineer to join our Firmware and Software Security team. Our embedded devices are sophisticated Linux-powered systems that combine cutting-edge compute architectures and advanced imaging hardware with the latest in communication, security, and mobile standards and trends. Together, we provide solutions for a variety of challenges faced in industries of all sizes, from small businesses to those of the Fortune 500.

 

Job Description

Architect, design, develop, debug, and maintain firmware to provide innovative and secure products and solutions to our customers. Embedded firmware security features include user authentication and authorization, data integrity and security, media sanitization, and smart card capabilities. 

Responsibilities include development of embedded applications and libraries in C/C++ and Java in Linux, as well as evaluating and integrating open source software with our proprietary applications. Network programming/analysis and a security mindset are a plus. Research new trends in attack tools, techniques, and procedures; and learn how to design and develop to protect against them.

 

Job Duties

  • Design, develop, debug, and maintain embedded firmware including Linux application, library, and Java programming.
  • Evaluate, integrate, and maintain open source software within an embedded firmware environment.
  • Guiding the organization on implementing security protocols and services.
  • Coordinate with other teams in developing and documenting robust custom security solutions.

Successful candidates will:

  • Possess strong written and verbal communication skills to effectively interface with cross-functional development teams.
  • Thrive in a fast-paced, demanding and collaborative environment.
  • Prove that they can work collaboratively across geographies effectively to deliver results on schedule.
  • Possess a drive to innovate and for continuous skill development.
  • Demonstrate creative thinking to identify and solve complex technical problems.
  • Participate in the organization’s security development lifecycle

 

Qualifications:

  • BS in Computer Science, Engineering, or related technical field; may be substituted with equivalent practical experience.
  • 4+ years C/C++ programming experience preferred
  • 2+ years experience working in an embedded Linux environment preferred
  • Proficiency in Java and Python is preferred
  • Strong knowledge of software engineering concepts
  • Knowledge of MITRE ATT&K, CIS, OWASP and other threat, risk and vulnerability frameworks
  • CISSP, CISSP-ISSEP or CSSLP certification a plus
  • Excellent interpersonal and communication skills
  • Previous security penetration testing experience desirable
  • Familiarity with security technologies, processes, and concepts such as symmetric and asymmetric cryptography, TLS, Authentication and Authorization, Static Code Analysis and fuzz testing desirable