Product Security Engineer

Company Profile:

eInfochips, an Arrow company, is a leading global provider of product engineering and semiconductor design services. With over 500+ products developed and 40M deployments in 140 countries, eInfochips continues to fuel technological innovations in multiple verticals. The companys service offerings include digital transformation and connected IoT solutions across various cloud platforms, including AWS and Azure.

Along with Arrows $27B in revenues, 19,000 employees, and 345 locations serving over 80 countries, eInfochips is primed to accelerate connected products innovation for 150,000+ global clients. eInfochips acts as a catalyst to Arrows Sensor-to-Sunset initiative and offers complete edge-to-cloud capabilities for its clients through Arrow Connect.

Founded in 1994, our work culture is built over years of experience in providing innovative solutions to our clients and our indomitable spirit to excel in all aspects of our engagement. We believe that our success lies upon the skills and quality of our people we work with.

Silicon engineering services: ASIC / FPGA Design & Development, Design Verification & Validation, Physical Design & DFT

Embedded systems engineering services: Hardware Design, System Software, System Verification & Validation, Multimedia

Software engineering services: Cloud Enablement, IoT & Mobility, Application Software, QA and Test Automation, BI and Data Visualization

Extended services: New Product Development, Lifecycle Management, Product Sustenance

IPs: DevOps for IoT, IoT Gateway Framework, IoT Device Lifecycle Management, Video Management Software, Reusable Camera Framework, Test Automation Framework, Reference Designs & EVMs, Verification IPs, OptiX Physical Design Framework

Job Description

Location:

Ahmedabad, Pune

Experience:

610 years

Key Skills:

Extensive experience with threat modeling frameworks (STRIDE, TARA)

Deep understanding of embedded system architectures (ARM/SoC, MCU)

Expertise in secure boot and hardware root of trust evaluations

Proficient in analyzing secure design and risk management methodologies

Strong knowledge of compliance standards (RED, IEC 62443, ISO 27001)

Ability to integrate architectural risk assessments with VAPT planning

Skilled in attack surface analysis for complex embedded systems

Experience with security assessment tools and architectural review platforms

Excellent technical documentation and reporting skills

Ability to mentor and guide engineering teams on secure design practices

Strong analytical and problem-solving skills

Proficient in developing detailed risk assessments and remediation plans

Experience in reviewing hardware-software integration for security gaps

Excellent communication skills for bridging technical and compliance teams

Proactive in keeping current with emerging design vulnerabilities

Responsibilities:

Lead comprehensive architecture reviews and threat modeling assessments

Analyze device/system architecture for vulnerabilities impacting security

Define clear test objectives and attack scenarios based on design flaws

Translate architectural risks into actionable VAPT test cases

Oversee and guide the development of detailed security risk assessments

Collaborate with VAPT teams to ensure design vulnerabilities are tested

Provide mentorship and technical guidance to engineering teams

Document architectural weaknesses and recommend remediation measures

Coordinate with compliance teams to ensure design evaluations align with RED 18031

Develop and maintain comprehensive architecture review documentation

Conduct periodic reviews and updates of threat models based on emerging risks

Participate in security workshops and training sessions on secure design

Evaluate secure boot, update processes, and hardware root of trust implementations

Review integration points between hardware and software for potential flaws

Present findings to both technical and non-technical stakeholders

Qualifications & Certifications:

Bachelors or Masters in Electronics, Embedded Systems, or Information Security

Preferred: CISSP, CSSLP, or equivalent secure design certifications

Familiarity with IEC 62443 and RED 18031 threat modeling practices is a plus

Interested Candidates can share your resume on