The Staff Security Engineer will identify security risks within our IoT device ecosystem, communicate those risks to management, and assist with the mitigation efforts.  This role requires hands-on experience with reverse engineering, networking, operating systems, and programming. The ideal engineer will bring these skills to bear on complex IoT security challenges. The Senior Security Engineer will also document security policies and procedures and ensure they remain up to date with applicable industry standards and compliance requirements.

Responsibilities:

The Staff Security Engineer primary job responsibilities include:

• Perform IoT penetration testing, including firmware extraction, reverse engineering, and vulnerability discovery
• Perform security research, analysis, and testing via threat modeling, vulnerability assessment, penetration testing, and/or social engineering across a wide variety of applications, platforms and systems

• Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and application
• Oversee and manage the deployment, integration, and configuration of security solutions and enhancements to existing IoT infrastructure and the enterprise’s security documents
• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall IoT enterprise security
• Clearly outline and document risk impacts of test findings in reports
• Test, triage, and drive remediation of security issues reported by external parties
• Actively partner with infrastructure, application, product, and other stakeholders to ensure deployed solutions minimize security and privacy risks
• Other duties as assigned 

REQUIREMENTS

• B.A. or B.S. (or higher) in Computer Science, Electrical Engineering, or a related engineering program with strong academic performance preferred
• 10+ years of information security experience, with a strong focus on offensive security, penetration testing, or vulnerability research
• Prior experience performing security testing and assessment in IoT, embedded, or firmware based environments
• Working knowledge of embedded system design and constraints (development experience a plus, but not required)
• Familiarity with using hardware debugging equipment such as oscilloscopes, logic analyzer and other tools
• Familiarity with interface protocols such as UART, I²C, SPI, JTAG, and related tooling.
• Experience analyzing embedded Linux systems and firmware images.
• Familiarity with ARM CPU architectures with exposure to x86, RISC-V, or others as a plus
• Experience with reverse-engineering tools such as IDA Pro, Ghidra, and/or Binary Ninja
• Certification in one or more Information Security disciplines is preferred or ability to obtain certifications.
• Self-starter, analytical, tenacious problem solver
• Strong verbal and written communication skills for a highly collaborative environment
• Rigorous attention to detail and focus on quality of deliverables
• Proven team experience and comfort in a team-oriented environment
• Passion for working with technology and excitement for creating high quality consumer technology product
  

If you feel like you don’t meet all the requirements for this role, we encourage you to apply. We don’t want a few of them to get in the way of meeting a great candidate like you!

Please note that sponsorship of new applicants for employment authorization, or any other immigration-related support, is not available for this position at this time.

WHY WORK FOR ALARM.COM?

• Collaborate with outstanding people: We hire only the best. Our standards are high and our employees enjoy working alongside other high achievers.
• Make an immediate impact: New employees can expect to be given real responsibility for bringing new technologies to the marketplace. You are empowered to perform as soon as you join the Alarm.com team!
• Gain well rounded experience: Alarm.com offers a diverse and dynamic environment where you will get the chance to work directly with executives and develop expertise across multiple areas of the business.
• Community and Camaraderie: One of our core values is to 'Keep It Fun,' which to us means fostering a strong sense of community. Our culture is built on collaboration and connection, where we celebrate our successes and believe that a positive, engaging environment is key to doing our best work.
• Alarm.com values working together and collaborating in person. Our employees work from the office 4 days a week.

COMPANY INFO

Alarm.com is the leading platform for intelligently connected properties. Millions of homeowners and businesses rely on Alarm.com's technology to secure, monitor, and manage their environments from anywhere. Our comprehensive suite of solutions—including security, video surveillance, access control, active shooter detection, intelligent automation, energy management, and wellness—is delivered exclusively through a trusted network of thousands of professional service providers and commercial integrators across North America and worldwide. Alarm.com's common stock is traded on Nasdaq under the ticker symbol ALRM. Alarm.com delivers serious security for serious people.

For more information, please visit www.alarm.com.

COMPANY BENEFITS

Our total rewards package is designed to support you holistically—in your health, your finances, and your life outside of work. The package includes medical plans with company subsidies, a Health Savings Account (HSA) with a company contribution, and a 401(k) with an employer match. We encourage a healthy work-life balance with paid vacation that increases with tenure, paid holidays, wellness time, and paid maternity and bonding leave. To complete the package, we also provide company-paid disability and life insurance, all within a collaborative and casual work environment.

Alarm.com is an Equal Opportunity Employer

In connection with your application, we collect information that identifies, reasonably relates to or describes you ("Personal Information"). The categories of Personal Information that we may collect include your name, government-issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies. By submitting your application, you acknowledge that we may retain some of the personal data that you provide in your application for our internal operations such as managing our recruitment system and ensuring that we comply with labor laws and regulations even after we have made our employment decision.

Notice To Third Party Agencies:
Alarm.com understands the value of professional recruiting services. However, we are not accepting resumes from recruiters or employment agencies for this position. In the event we receive a resume or candidate referral for this position from a third-party recruiter or agency without a previously signed agreement, we reserve the right to pursue and hire those candidate(s) without any financial obligation to you. If you are interested in working with Alarm.com, please email your company information and standard agreement to RecruitingPartnerships@Alarm.com.

Alarm.com is a rapidly expanding technology company developing innovative cloud and device solutions across a wide range of cutting-edge technologies that provide a unified, connected service to millions of residential and commercial properties in the US and abroad.  We are looking for a talented and passionate embedded software engineer for the Device Engineering team to help us define the future of the Internet-of-Things for residential and commercial properties by creating and integrating devices including security panels, networking gateways, and video cameras.  You will be working with a team of talented engineers across a diverse set of technological backgrounds to design devices, build and manufacture hardware, architect and implement software, and collaborate in an agile and fast-paced environment.

RESPONSIBILITIES 
The primary job responsibilities will include:

• Lead project development and ensure on-time releases by working closely with internal teams and external partners.
• Provide technical mentorship and guidance to team members, sharing expertise and best practices to enhance their skills and knowledge.
• Develop, test, and debug embedded software in Linux and Android environments.
• Work with external partners to securely integrate their embedded software with the Alarm.com platform.
• Coordinate with cross-functional teams such as Quality Engineering, Software Engineering, and Product Management to ensure on-time delivery of a fully tested and compatible device that meets product requirements.
• Communicate effectively and collaborate with teams to ensure timely project execution.
• Contribute to system-level debugging, performance profiling, and validation of embedded systems.
• Leverage and advocate for the use of AI tools to accelerate development and encourage adoption across the team.
• Other Duties as assigned. 

REQUIREMENTS

• Bachelor’s degree in Computer Science, Electrical/Computer Engineering, or a related field, or equivalent practical experience
• 6+ years of experience in embedded software development on Linux-based platforms.
• Strong proficiency in developing C++ applications for embedded systems using scalable, efficient, and well-structured software architecture and design principles.
• Strong attention to detail with a focus on robustness, scalability, and product quality.
• Passion for technology and enthusiasm for building high-quality consumer technology products.
• Strong collaboration and communication skills, with the ability to explain complex technical concepts to non-technical stakeholders.

NICE-TO-HAVES

• Hands-on experience with AOSP, Android NDK, and Android native application development and Linux kernel development.
• Familiarity with networking (cellular, Wi-Fi, Ethernet, Z-Wave, Zigbee, Matter).
• Experience with penetration testing and ethical hacking. 

Please note that sponsorship of new applicants for employment authorization, or any other immigration-related support, is not available for this position at this time.

WHY WORK FOR ALARM.COM?

• Collaborate with outstanding people: We hire only the best. Our standards are high and our employees enjoy working alongside other high achievers.
• Make an immediate impact: New employees can expect to be given real responsibility for bringing new technologies to the marketplace. You are empowered to perform as soon as you join the Alarm.com team!
• Gain well rounded experience: Alarm.com offers a diverse and dynamic environment where you will get the chance to work directly with executives and develop expertise across multiple areas of the business.
• Focus on fun: Alarm.com places high value on our team culture. We even have a committee dedicated to hosting a stand-out holiday party, happy hours, and other fun corporate events.
• Alarm.com values working together and collaborating in person.  Our employees work from the office 4 days a week.

COMPANY INFO

Alarm.com is the leading cloud-based platform for smart security and the Internet of Things. More than 7.6 million home and business owners depend on our solutions every day to make their properties safer, smarter, and more efficient. And every day, we’re innovating new technologies in rapidly evolving spaces including AI, video analytics, facial recognition, machine learning, energy analytics, and more.  We’re seeking those who are passionate about creating change through technology and who want to make a lasting impact on the world around them. 

For more information, please visit www.alarm.com.

COMPANY BENEFITS

Alarm.com offers competitive pay and benefits inclusive of subsidized medical plan options, an HSA with generous company contribution, a 401(k) with employer match, and paid holidays, wellness time, and vacation increasing with tenure. Paid maternity and bonding leave, company-paid disability and life insurance, FSAs, well-being resources and activities, and a casual dress work environment are also part of our outstanding total rewards package!

Alarm.com is an Equal Opportunity Employer

In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we may collect include your name, government-issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies. By submitting your application, you acknowledge that we may retain some of the personal data that you provide in your application for our internal operations such as managing our recruitment system and ensuring that we comply with labor laws and regulations even after we have made our employment decision.

Notice To Third Party Agencies:
Alarm.com understands the value of professional recruiting services.  However, we are not accepting resumes from recruiters or employment agencies for this position. In the event we receive a resume or candidate referral for this position from a third-party recruiter or agency without a previously signed agreement, we reserve the right to pursue and hire those candidate(s) without any financial obligation to you. If you are interested in working with Alarm.com, please email your company information and standard agreement to RecruitingPartnerships@Alarm.com.

Job Summary

A Rampant Technologies Cybersecurity Engineer (CSE) is a key resource that is a part of the Rampant team

reporting to the Principal Engineer overseeing the CSE team to deliver innovative Cyber Security solutions that are

in alignment with the company’s goals.

Essential Duties & Responsibilities

SME on problem identification, diagnosis, and resolution of problems

Develop best practices for processes and standards that will better the system

Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and configuration updates as

required to comply with security requirements.

Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones.

Perform hardening of ops systems, COTS and open-source product

Validate best practices in Penetration testing, Configuration analysis, and Security

Prepare comprehensive security assessment testing documentation to validate applied security controls in

support of Assessment and Authorization (A&A) testing. Generating/maintaining security accreditation artifacts

associated with RMF process to include, but not limited to Security Requirements Traceability Matrix, Security

Plans, Certification Test Plans, Continuous Monitoring Plans)2

Perform timely updates in accreditation DB

Provide technical guidance focused on information security architecture.

Key Skills, Education & Experience

Minimum of eight (3) years’ relevant experience as a Cybersecurity Engineer in programs and contracts of

similar scope, type, and complexity is required; ideally three (3+) years of direct experience in the same

level/grade for like role.

Techno functional knowledge of/experience in:

Execution of the Assessment & Authorization (A&A process) in accordance with government

requirements (e.g. ICD-503)

Information systems security and continuous monitoring practices and how to assess their

effectiveness per NIST SP 800-53 and NIST SP 800-53A.

DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls

assessment criteria/procedures

Integrity, availability, authentication, and non-repudiation concepts

IT security principles and methods (e.g., firewalls, demilitarized zones, encryption)

Network access, identity, and access management (e.g., public key infrastructure [PKI])

Security system design tools, methods, and techniques

Relevant laws, policies, procedures, or governance as they relate to work that may impact critical

infrastructure.

TCP/IP networking technologies, Linux account administration, Linux folder permissions, Patch

Management best practices on Operating Systems and applications, known vulnerabilities associated

with Windows and Linux platforms.

Continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging

existing tools, efforts, and incorporating new automation techniques.

Virtualization technologies (e.g. VMWare, Docker)

OSI model and how specific devices and protocols interoperate, including knowledge of protocols, and

services for common network traffic

DoD/IC system security control requirements

XACTA and SNOW

Security testing and penetration tools that include Assured Compliance Assessment Solution (ACAS),

Wireshark, Retina, Tripwire, etc…

Hands on experience and proficiency with the full Microsoft Office Suite and tools such as Microsoft

Project, Microsoft Visio

Self-starter/motivator and 

Certifications and Clearance

Must have certifications (certifications with * indicate willing to hire if certification is within 3-6 months of

finalizing):

Active TS/SCI w/ Poly clearance required

Current certification compliant with DoD 8570 IAM or IAT level 3OR obtain certification within 6 months of

hire and maintain certification throughout employment.

MUST meet DoD 8570 IAT Level III requirements

IAT Level II Certifications (Security+ or equivalent)