Senior Engineer- Product Security

Company:Qualcomm India Private LimitedJob Area:Engineering Group, Engineering Group > Security Engineering

General Summary:

As a leading technology innovator, Qualcomm pushes the boundaries of what's possible to enable next-generation experiences and drives digital transformation to help create a smarter, connected future for all. Qualcomm Security Engineers perform security assessments, develop company products, and collaborate across functions to ensure performance metrics and product requirements are met.

Minimum Qualifications:

• Bachelor's degree in Engineering, Computer Science, or related field and 2+ years of Security Engineering or related work experience.
OR
Master's degree in Engineering, Computer Science, or related field and 1+ year of Security Engineering or related work experience.
OR
PhD in Engineering, Computer Science, or related field.

Product Security Senior Engineer – Qualifications and Role Overview

Minimum Qualifications

Candidates must possess a bachelor’s degree in engineering, Information Systems, Computer Science, or a related field. In addition, applicants should have 3+ years of experience—either through work or academic endeavors—in the field of information security. It is important to note that the stated number of years is for guidance only; candidates with equivalent experience will also be considered if they can demonstrate their capabilities and relevant expertise.

About the Role

If you are passionate about making a positive impact on the security of billions of devices powered by Qualcomm SoCs and software, we invite you to apply to join the Qualcomm Product Security team. Recognized as one of the industry's top product security teams, we offer multiple positions with various areas of focus. This role focuses on open‑source software (OSS), vulnerability management, security automation, and ecosystem engagement across Qualcomm products.

Required Expertise and Experience

Applicants must have expertise or experience in the following areas:

• C and C++ programming languages
• Experience working CVE scanning tools such as Blackduck, Dependabot etc.
• Python Scripting and Automation.
• Familiarity with CVE/NVD ecosystem and CVSS severity scoring system.
• Experience working with SBOM formats (SPDX/Cyclone-DX).
• Secure code review, analysis, and vulnerability assessment.
• Experience in platforms such as Android or Linux and their build systems.
• Experience in Open-source development and security workflows.
• Knowledge in AI based tools and prompt engineering.
• Knowledge in leveraging LLMs across different platforms (Eg – VS code) to enhance security reviews and automate the workflows.
• Strong verbal and written communication skills, essential for clearly articulating security concepts and risks to diverse audiences

Preferred Qualifications

The following skills and experiences are considered advantageous:

• Knowledge in security regulations and industry standards (Eg – CRA, ISO21434).
• Exposure to the GCC and LLVM Compiler and linkers.
• Understanding of the internals of embedded systems.
• Experience with binary analysis.
• Knowledge of CI/CD pipeline, SDLC and DevSecOps practices.
• Exploit mitigation techniques.
• Threat modeling.

General Responsibilities

• Own and manage the open‑source vulnerability lifecycle for Qualcomm products, from discovery to remediation and disclosure.
• Analyze CVEs for applicability, impact, and exploitability across large‑scale products and codebases.
• Develop and maintain automation by leveraging AI for OSS vulnerability detection, triage, and tracking.
• Generate and maintain SBOMs and VEX documentation to communicate product security posture.
• Reduce scanner false positives through detailed code and binary analysis

Applicants: Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail disability-accomodations@qualcomm.com or call Qualcomm's toll-free number found here. Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. (Keep in mind that this email address is used to provide reasonable accommodations for individuals with disabilities. We will not respond here to requests for updates on applications or resume inquiries).

Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law.

To all Staffing and Recruiting Agencies:Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications.

If you would like more information about this role, please contact Qualcomm Careers.