**Position:** Product Security Engineer - (IOT, Embedded) **Job Description:** **Experience:** 6–10 years **Key Skills:** • Extensive experience with threat modeling frameworks (STRIDE, TARA) • Deep understanding of embedded system architectures (ARM/SoC, MCU) • Expertise in secure boot and hardware root of trust evaluations • Proficient in analyzing secure design and risk management methodologies • Strong knowledge of compliance standards (RED, IEC 62443, ISO 27001) • Ability to integrate architectural risk assessments with VAPT planning • Skilled in attack surface analysis for complex embedded systems • Experience with security assessment tools and architectural review platforms • Excellent technical documentation and reporting skills • Ability to mentor and guide engineering teams on secure design practices • Strong analytical and problem-solving skills • Proficient in developing detailed risk assessments and remediation plans • Experience in reviewing hardware-software integration for security gaps • Excellent communication skills for bridging technical and compliance teams • Proactive in keeping current with emerging design vulnerabilities **Responsibilities:** • Lead comprehensive architecture reviews and threat modeling assessments • Analyze device/system architecture for vulnerabilities impacting security • Define clear test objectives and attack scenarios based on design flaws • Translate architectural risks into actionable VAPT test cases • Oversee and guide the development of detailed security risk assessments • Collaborate with VAPT teams to ensure design vulnerabilities are tested • Provide mentorship and technical guidance to engineering teams • Document architectural weaknesses and recommend remediation measures • Coordinate with compliance teams to ensure design evaluations align with RED 18031 • Develop and maintain comprehensive architecture review documentation • Conduct periodic reviews and updates of threat models based on emerging risks • Participate in security workshops and training sessions on secure design • Evaluate secure boot, update processes, and hardware root of trust implementations • Review integration points between hardware and software for potential flaws • Present findings to both technical and non-technical stakeholders **Qualifications & Certifications:** • Bachelor’s or Master’s in Electronics, Embedded Systems, or Information Security • Preferred: CISSP, CSSLP, or equivalent secure design certifications • Familiarity with IEC 62443 and RED 18031 threat modeling practices is a plus **Location:** IN-GJ-Ahmedabad, India-Ognaj (eInfochips) **Time Type:** Full time **Job Category:** Engineering Services Arrow Electronics, Inc.'s policy is to provide equal employment opportunities to all qualified employees and applicants without regard to race, color, religion, age, sex, marital status, gender identity or expression, sexual orientation, national origin, disability, citizenship, veran status, genetic information, or any other characteristics protected by applicable state, federal or local laws. Our policy of equal employment opportunity and affirmative action applies to all employment decisions personnel policies and practices, or programs.