Senior Product Security Engineer

You know the moment. It’s the first notes of that song you love, the intro to your favorite movie, or simply the sound of someone you love saying “hello.” It’s in these moments that sound matters most. 

At Bose, we believe sound is the most powerful force on earth. We’ve dedicated ourselves to improving it for more than 60 years. And we’re passionate down to our bones about making whatever you’re listening to a little more magical.

 

The Information Technology team at Bose exists to deliver valuable and reliable business and technology solutions with an innovative, engaged, and collaborative team focused on contributing to our corporate vision.

Job Description

Senior Product Security Engineer

Location: On-site in Atlanta office
Team: Product Security
Reports to: Director of Product Security

We’re seeking a Senior Product Security Engineer to join the global product security team at Bose, a globally recognized brand synonymous with premium audio experiences, innovation in sound technology, and a legacy of engineering excellence.

Founded in 1964 by Dr. Amar Bose, the company has a deep heritage rooted in research, pushing the boundaries of acoustics, electronics, and user experience.

We’re not just about headphones and speakers—our technology powers automotive audio systems, noise cancellation for pilots and the military, and increasingly, software-driven and cloud-connected audio platforms. This blend of physical products and digital ecosystems makes Bose a unique playground for engineers who want to work on end-to-end security solutions.

This isn’t a penetration testing role, but you'll need a solid grasp of common vulnerabilities and attack techniques — and know how to assess and respond to test results and reports when they land.

In this role, you’ll work across hardware, firmware, mobile apps, and cloud services to integrate security into every stage of the product lifecycle—from design to post-market support.

You’ll partner with engineers, product managers, legal, and supply chain stakeholders to ensure our devices and ecosystems are secure, resilient, and trusted by customers worldwide.

Key Responsibilities

• Conduct threat modeling, security architecture reviews, and secure code/design assessments across hardware and software platforms including embedded, mobile and cloud.
• Drive adoption of secure product development practices in collaboration with engineering teams.
• Coordinate penetration tests by helping define scope, working with external testers, and managing the findings. Use CVSS and professional expertise to determine and guide fixes.
• Support coordinated vulnerability disclosure and product security incident response.
• Create, contribute to, and enforce security standards for firmware updates, device provisioning, authentication, and secure boot.
• Collaborate with partners and vendors to ensure secure technology integration, licensing, and intellectual property protection.
• Champion cryptographic best practices, key management processes, and IP protection mechanisms throughout the product development lifecycle.
• Participate in regulatory compliance initiatives (e.g., TISAX, ISO, NIST/CISA guidance) and customer assurance activities.
• Share knowledge through mentoring, documentation, and internal training on secure software development and product design.

Qualifications

• 5+ years of experience in product or application security, preferably in embedded systems, consumer electronics, or connected devices.
• Solid understanding of secure product development lifecycle (SPDLC), threat modeling, and software/hardware security principles.
• Proficiency in secure coding and architecture review, with the ability to guide teams in implementing mitigations.
• Skilled at assessing penetration test and scan reports, scoring findings, and collaborating with engineering teams to deliver fixes.
• Familiarity with IoT or smart home devices, mobile platforms (Android/iOS), and cloud service integrations.
• Hands-on experience with SAST/DAST, SBOM tools, and secure firmware update mechanisms.
• Strong understanding of Linux environments, command-line tools, and automation such as CI/CD pipelines, Dockerized workflows, and scripting.
• Practical knowledge of modern cryptography, key management, and secure provisioning techniques.
• Strong interpersonal and communication skills with the ability to influence across engineering and non-engineering teams.

Preferred

• Experience with hardware interfaces (I2C, SPI, UART), embedded Linux, or RTOS platforms.
• Experience with secure product manufacturing processes and OTA updates.
• Knowledge of licensing implications of 3rd-party software, open source, and technology IP.

Why Join Us?

• Collaborate with top-tier engineers building award-winning audio and connected products.
• Work in a security-first culture backed by leadership and aligned to modern regulatory frameworks.
• Help shape the security posture of products used by millions globally.

Bose is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. The EEOC’s “Know Your Rights: Workplace discrimination is illegal” Poster is available here: https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf. Bose is committed to providing reasonable accommodations to individuals with disabilities. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to [email protected]. Please include "Application Accommodation Request" in the subject of the email.

Our goal is to create an atmosphere where every candidate feels supported and empowered in the interviewing process. Diversity and inclusion are integral to our success, and we believe that providing reasonable accommodation is not only a legal obligation but also a fundamental aspect of our commitment to being an employer of choice. We recognize that individuals may have different needs and requirements based on their abilities, and we provide reasonable accommodations to ensure ideal conditions are met during the application process.