ActiveJobs

Product Security Assurance Architect

Sandisk · Milpitas, CA, us

Full-timeOn-sitePosted 22 June 2026
Apply on Company Site →

Job description

Sandisk understands how people and businesses consume data and we relentlessly innovate to deliver solutions that enable today’s needs and tomorrow’s next big ideas. With a rich history of groundbreaking innovations in Flash and advanced memory technologies, our solutions have become the beating heart of the digital world we’re living in and that we have the power to shape. Sandisk meets people and businesses at the intersection of their aspirations and the moment, enabling them to keep moving and pushing possibility forward. We do this through the balance of our powerhouse manufacturing capabilities and our industry-leading portfolio of products that are recognized globally for innovation, performance and quality. Sandisk has two facilities recognized by the World Economic Forum as part of the Global Lighthouse Network for advanced 4IR innovations. These facilities were also recognized as Sustainability Lighthouses for breakthroughs in efficient operations. With our global reach, we ensure the global supply chain has access to the Flash memory it needs to keep our world moving forward. Sandisk’s Product Security Engineering & Assurance (PSEA) organization is seeking a highly experienced Product Security Assurance Architect to strengthen security assurance across SanDisk’s firmware-driven products and storage platforms. This role is responsible for advancing product security through independent technical security assurance, exploitability analysis, adversarial security assessment, and product security lifecycle effectiveness across the portfolio. Working in close partnership with Platform Security, product engineering, firmware, ASIC, validation, and PSIRT teams, this position focuses on evaluating the effectiveness, completeness, and defensibility of implemented security controls and product security posture, helping ensure products are resilient against realistic threats and aligned with customer, business, and regulatory expectations. This role is distinct from embedded product security architecture and implementation functions. Product and Platform Security teams remain responsible for defining and implementing security architectures within products. This role focuses on independent technical assurance, attacker-informed analysis, security lifecycle maturity, and scalable product security risk reduction across the portfolio. Essential Duties and Responsibilities: Product Security Assurance & Technical Assessment Conduct independent technical security assessments of firmware-driven products, and embedded platforms to identify security gaps, attack paths, implementation weaknesses, and residual risk. Assess the effectiveness and completeness of implemented security controls, security mechanisms, and architecture decisions from an assurance and exploitability perspective. Evaluate trust boundaries, privileged operations, manufacturing pathways, debug capabilities, firmware update mechanisms, and product lifecycle transitions for potential security weaknesses. Threat Modeling & Exploitability Analysis Evaluate the quality, completeness, and realism of product threat models and challenge assumptions through attacker-informed analysis. Conduct exploitability and attack surface analysis across firmware and embedded systems, including:secure boot and roots of trust, authentication and authorization controls, secure firmware update paths, manufacturing and RMA workflows, debug interfaces (UART/JTAG), provisioning and lifecycle security, cryptographic implementations and key management approaches. Partner with engineering teams to recommend practical, risk-informed mitigations and compensating controls. Security Lifecycle Assurance Advance secure development lifecycle (SDL) effectiveness across product teams by assessing security rigor, implementation quality, and evidence readiness. Evaluate effectiveness of product security activities including:threat modeling, secure coding practices, SAST and static analysis, SBOM and dependency management, vulnerability scanning, fuzzing and penetration testing, compiler hardening and secure build configurations, security validation evidence. Help establish scalable assurance methodologies and minimum expectations appropriate to product risk and business objectives. Adversarial Security Assessment Partner with adversarial security engineering and product teams to evaluate realistic attack scenarios and challenge defensive assumptions. Assess firmware attack surfaces and identify practical attack paths against embedded systems and storage products. Translate security findings into durable engineering guidance and portfolio-wide lessons learned. Security Incident & Vulnerability Feedback Partner with PSIRT and product teams to identify recurring vulnerability patterns and systemic product security weaknesses. Translate security incidents, vulnerability trends, and field learnings into improvements in secure development and security assurance practices. Support risk assessment and remediation prioritization for significant product security issues. Customer, Regulatory & Executive Security Assurance Support customer-facing technical security inquiries, security assessments, and product assurance activities. Provide technically grounded assessments to support customer security questionnaires, product evaluations, and audit activities. Strengthen product readiness for evolving security expectations, regulatory obligations, and industry cybersecurity frameworks. Support executive and product leadership in understanding product security posture and residual risk. Cross-Functional Collaboration Partner closely with:Platform Security Architects, Firmware Engineering, ASIC and hardware teams, Product Engineering, Quality and Validation, PSIRT, Product Security Assurance, External security assessment partners. Drive outcomes through technical influence, collaboration, and pragmatic risk-based decision making. Required: Bachelor’s, Master’s, or PhD degree in Computer Science, Electrical Engineering, Computer Engineering, Cybersecurity, or a related technical field. 10+ years of experience in firmware security, embedded systems security, product security, platform security, or related disciplines. Strong expertise in firmware and embedded security concepts, including:secure boot, roots of trust, authentication and authorization, secure communications, firmware update security, cryptographic protections, debug and manufacturing security controls, secure provisioning and lifecycle security. Strong understanding of attacker techniques, exploitability analysis, and adversarial thinking applied to embedded systems. Experience evaluating threat models, security controls, and product security effectiveness. Strong analytical and problem-solving skills with the ability to balance security rigor with business realities. Excellent written and verbal communication skills with the ability to communicate effectively with engineering teams, vendors, product leadership, and executives. Preferred: Experience with SSD architectures, flash memory systems, storage controllers or embedded hardware platforms. Experience with secure development lifecycle (SDL), vulnerability management, PSIRT, or product security assurance functions. Familiarity with:secure coding standards, static analysis and security tooling, fuzz testing, penetration testing, security certifications and regulatory expectations (e.g., FIPS, Common Criteria, CRA). Experience working with external security research organizations or third-party product security assessments. Strong technical depth in firmware and embedded system security. Ability to challenge assumptions and assess security from an attacker perspective. Strong documentation, analytical, and technical communication skills. Ability to influence technical direction through collaboration and technical credibility. Strong judgment in balancing product risk, customer commitments, and business priorities. Sandisk is c

Verified and listed by ActiveJobs. Applications are made directly on Sandisk's own career page — we never sit in the middle.