Product Security Engineer

Full-time
Remote friendly

A rack-scale computer has an enormous attack surface including remote, physical, and supply chain attacks. Oxide takes a secure-by-design approach to incorporate threat modeling, risk assessment, and mitigation directly into product development.

As a security engineer working at Oxide, you will:

  • Work with a friendly and positive team that prioritizes security as a key feature, not an afterthought, to identify, assess, and mitigate security weaknesses in Oxide products in development.
  • Define product security goals and develop corresponding implementations throughout the stack from hardware to web UIs including areas as wide-ranging as verified boot chain, remote attestation, PKI infrastructure, REST APIs, BGP peering, overlay networking, hypervisor and VMM, integration with enterprise authentication and authorization systems, and manufacturing and supply chain.
  • Review Requests for Discussion to identify how a design can be misused and document assumptions and scenarios considered in the development of the design.
  • Partner with software and electrical engineers to navigate trade-offs between meeting security and other product goals and reach consensus on the best path forward.
  • Develop proof of concept implementations of both exploits and mitigation techniques.
  • Implement production-ready mitigations in Oxide-written and third-party code.

These responsibilities are just a starting place! We’re a small company, we don’t have rigid roles, and we have a lot to do – we can help you grow wherever your interests take you.

You will thrive in this role if you:

  • Apply both attacker and defender mindsets to problems.
  • Believe in fully documenting your ideas.
  • Enjoy reading the documentation produced by others.
  • Get excited about things and dig really deep into them.
  • Find a weakness, build consensus on a mitigation strategy, and then implement the mitigation.
  • Are very comfortable at a Unix terminal.
  • Don’t mind coworkers getting really excited about decades-old computer front panels.

If you don’t meet 100% of these qualifications you should still seriously consider applying – at least one of us was missing each of these at the outset!

Life at Oxide

We are very explicit about our values, and they can be seen in daily life at Oxide, for example:

  • Our rigor means we enjoy and take pride in the craft of engineering.
  • Our urgency means that we are not above the judicious short-cut.
  • Our versatility is reflected in our greatest strength: the breadth of our team.
  • Our transparency can be seen in our consensus-driven RFD process.
  • Our responsibility means that we both lead and follow: we have our own domains, but we also help others on their parts.
  • Our curiosity shows in our insatiable desire to learn – and our empathy in our love of teaching others.
  • Our humor is a big part of our daily lives: we are inveterate wise-crackers whose video meetings spill into simultaneous text chat.

Our values also manifest themselves in our benefits:

  • Everyone makes $180,250, regardless of location.
  • We offer the best health insurance we could find: medical PPO plan, dental, and vision that are 100% covered for both employees and dependents.
  • We are very supportive of remote work. About half of our team is outside of the San Francisco Bay Area; our only requirement is working hours with a significant overlap with Pacific Time.
  • Our families and lives outside of our jobs are very important to us; our schedules are flexible to reflect and support that.