Xilinx develops highly flexible and adaptive processing platforms that enable rapid innovation across a variety of technologies - from the endpoint to the edge to the cloud. Xilinx is the inventor of the FPGA, hardware programmable SoCs and the ACAP (Adaptive Compute Acceleration Platform), designed to deliver the most dynamic processor technology in the industry and enable the adaptable, intelligent and connected world of the future in a multitude of markets including Data Center (Compute, Storage and Networking); Wireless/5G and Wired Communications; Automotive/ADAS; Emulation & Prototyping; Aerospace & Defense; Industrial Scientific & Medical, and others. Xilinx's core strengths simultaneously address major industry trends including the explosion of data, heterogeneous computing after Moore's Law, and the dawn of artificial intelligence (AI).
Our global team is growing and we are looking for bold, collaborative and creative people to help us lead the industry transformation to build an adaptable intelligent world. We believe that by embracing diverse ideas, striving for excellence in all that we do, and working together as a unified team, we can accomplish anything. Come do your best work and live your best life as part of the ONEXILINX team!
Product Security Incident Lead
Reporting to the Senior Director of SW Architecture, this individual will work closely with security representatives from various disciplines across the company on incidents that impact Xilinx SW & IP. The role also calls for considerable involvement behind the scenes engaged directly with development & verification teams to improve the security of our processes and products. A candidate demonstrating a balance of accountability, passion, polish and solid technical experience will thrive in our high-energy, high-impact organization.
Key responsibilities include
- Full-lifecycle ownership of events escalated as potential security incidents, including:
- Initial triage and scoring of events
- In-depth event investigation and development of an incident response action plan
- Coordination of all incident remediation and response activities, including written and verbal communication with internal stakeholders and outside partners
- Conduct “after action” reviews of completed incident response activities
- Identification and tracking of security improvements identified during incidents or as part of a review
- Prepare executive summaries and conduct briefings on significant investigations
- Document and communicate repeatable processes and procedures for Incident Response
- Participate in industry events, track industry research and security trends, and use best practices to drive improvements in processes and products
- B.S. or M.S. in Computer Science, Information Security or related experience
- 10+ years product development or security experience, with 3+ years experience in product security and strong demonstrated knowledge of common attacks
- Understanding of best practices in security engineering: secure development, cryptography, security operations, systems security, policy, and incident response
- Experience with FIRST, CERT and working as part of a Product Security Incident Response Team (PSIRT)
- High degree of self-confidence, poise, maturity, discretion, diplomacy and empathy
- Articulate communicator, effective with varying audiences at multiple levels of sensitivity
- Proven track record of influence with a diverse set of functional disciplines (e.g., engineering, marketing, QA, legal, etc.)
- Relevant development experience in languages such as C/C++, Java, Python
- In-depth knowledge of Linux and Windows
- In-depth knowledge of cloud and cyber security
- Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
- Familiarity with security tools and techniques such as static analysis, runtime analysis, black-box testing
- Relevant industry certifications from SANS, ISC2, etc.