Firmware Security Analyst

SDL Policy Adherence : Ensure that all firmware development processes align with Fluke s SDL (Security Development Lifecycle) policy, actively embedding security best practices throughout development.

Cross-Functional Security Collaboration : Partner with global development teams to integrate security as an inherent part of the product design, development, and testing process.

Automate Security Scans : Collaborate with DevOps to automate security scans and testing, ensuring that vulnerabilities are identified and addressed in a timely manner.

Establish Security Requirements : Define security requirements for firmware projects, helping development teams understand and implement required security measures.

Prioritize and Track Remediations : Work with development teams to prioritize vulnerability remediation based on risk, compliance needs, and product impact, and track resolution progress to ensure timely closure.

Incident Response Participation : Act as a critical member of the incident response team, providing firmware security expertise to investigate, contain, and resolve security incidents.

Compliance and Reporting : Track and report on compliance with the SDL, documenting adherence and improvements over time, and contribute to periodic security posture reports for management.

Qualifications and Experience:

Skills and Work Traits

• Strong understanding of firmware development processes and secure development lifecycle (SDL) principles.
• Experience with automated security scanning tools, particularly for firmware (e.g., Binwalk, Firmware Analysis Toolkit, static and dynamic analysis tools).
• Familiarity with DevOps practices and tools used to integrate security testing into CI/CD pipelines.
• Proven ability to work cross-functionally with global, remote teams and influence security adoption within development cycles.
• Effective communication skills for conveying complex security requirements and collaborating across teams.
• Detail-oriented with an analytical approach to prioritizing, managing, and remediating vulnerabilities.
• Experience participating in incident response efforts, particularly in the context of firmware or embedded systems.

Education

• B.S. Degree in Cybersecurity, Computer Engineering, or a related field, or equivalent work experience.
• Industry certifications such as Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC), or working towards similar credentials (preferred).
• This position is ideal for someone with a proactive approach to firmware security and experience in secure development practices, looking to make an impact within Fluke s global product security framework.