Senior Security Software Engineer

Keysight is hiring a Senior Security Software Engineer to research, design, and build advanced binary and firmware level software composition analysis capabilities for the Keysight SBOM Manager solution.

This role focuses on identifying software components, dependencies, and security-relevant metadata from compiled artifacts where source code, package manifests, or traditional package-manager metadata may be unavailable or incomplete.

The ideal candidate has strong systems programming skills, experience analyzing compiled software, and the ability to develop practical automated analysis techniques that can scale into production product features.

This is a low-level security engineering and product development role. It is not a DevSecOps, compliance, audit, or GRC position.

• Research and develop techniques for identifying software components in compiled binaries, firmware images, and embedded software artifacts.
• Analyze compiled formats such as ELF, PE, archives, containers, filesystems, and firmware images.
• Design and implement production-quality analysis engines, parsers, heuristics, and supporting services.
• Build capabilities that improve SBOM accuracy, dependency identification, vulnerability mapping, and component provenance.
• Evaluate open-source and proprietary tooling for binary analysis, firmware extraction, reverse engineering, and SCA workflows.
• Work with product, research, and engineering teams to turn experimental analysis methods into reliable product functionality.
• Document technical findings, design decisions, and implementation tradeoffs.
• Mentor other engineers and contribute to a strong technical engineering culture.

• Master's degree in Computer Science, Mathematics, Computer Engineering, Cybersecurity, or equivalent practical experience.
• Experience analyzing compiled artifacts such as ELF, PE, Mach-O, static libraries, shared libraries, firmware images, or embedded software packages.
• Experience writing production-quality systems software.
• Strong proficiency in at least one systems programming language such as Rust, C, or C++.
• Hands-on experience with software dependency analysis beyond package-manager metadata, including compiled artifacts, binary inspection, firmware analysis, or static analysis.
• Ability to investigate unfamiliar technical problems, form hypotheses, prototype approaches, and turn successful methods into maintainable software.
• Strong debugging, technical reasoning, and problem-solving skills.

• Experience developing in Rust.
• Experience with firmware reverse engineering, vulnerability research, or embedded systems security.
• Experience with automating binary analysis tasks in one of the widely used RE platforms such as Ghidra, IDA Pro or Radare2.
• Familiarity with software composition analysis, SBOM formats, package ecosystems, vulnerability databases, or dependency resolution.
• Experience with file format parsing, archive extraction, symbol analysis, string analysis, fingerprinting, or similarity matching.
• Experience designing scalable analysis pipelines or backend services.
• Experience mentoring engineers, leading technical investigations, or guiding research-to-product transitions.

A strong candidate may have a background in one or more of the following areas:

• Binary analysis
• Firmware analysis
• Reverse engineering
• Vulnerability research
• Embedded systems security
• Static analysis
• Compiler/toolchain internals
• Systems programming
• Software supply chain security
• Security product engineering

Keysight is an Equal Opportunity Employer.