
Qualcomm Technologies, Inc.
Engineering Group, Engineering Group > Machine Learning Engineering
General Summary:
As a global technology innovator, Qualcomm pushes the boundaries of what is possible, enabling next-generation experiences and driving digital transformation toward a smarter, more connected future. The AISW organization is Qualcomm's central AI software engineering engine, delivering industry-defining AI SDKs across mobile, automotive, XR, IoT, and cloud platforms. Our culture is built on a growth mindset, a commitment to inspiring excellence, and empowering teams and leaders to bring their best every day, creating life-changing innovations that impact billions of lives around the world.
AI runtimes, model compilers, and inference SDKs now operate in safety-critical, latency-sensitive, and high-assurance contexts where vulnerabilities can carry real-world consequences at massive scale. This reality demands security researchers who can think across the full stack, from hardware-adjacent firmware and accelerator interfaces to SDK-level APIs and developer-facing toolchains, and who are equipped to drive proactive threat discovery, rigorous vulnerability analysis, and security-by-design principles throughout the software development lifecycle. Our mission is to ensure that AI software powering the next generation of mobile, automotive, edge, and connected devices remains resilient, trustworthy, and secure against the most determined adversaries by exploring innovative ways to identify and prevent security flaws before they can be discovered, exploited, or weaponized in the real world.
We are seeking talented, self-driven Product Security Engineers, from Junior to Senior level, with security expertise to partner with AISW development teams from design to deployment.
In this role, you will evaluate system architectures for security gaps, build automated and continuous security assessments, contribute security fixes alongside developers, and embed security gates into CI/CD pipelines. You will play a founding role in building threat detection systems from the ground up, champion the adoption of new testing tools and detection mechanisms, and leverage LLM-driven workflows and agentic systems to scale security research and raise simulation fidelity.
Responsibilities
Evaluate AISW Team’s products for security gaps early in the development lifecycle, partnering with engineering teams from ideation through release.
Conduct security design reviews, threat modeling sessions, and architecture assessments to surface attack surfaces and trust-boundary risks.
Monitor the threat landscape to identify newly disclosed vulnerabilities, adversarial techniques, and emerging attack patterns relevant to AISW products.
Leverage threat intelligence to inform adversary emulation scenarios, including campaign design, TTP selection aligned with MITRE ATT&CK, and operational sequencing.
Develop and maintain automated solutions for threat emulation, improving accuracy and efficiency in detection validation.
Analyze telemetry generated from simulations to assess detection coverage, identify gaps, and recommend improvements.
Develop and maintain security guidance documentation, including policies, procedures, and best practices, as a living reference for the AISW organization.
Systematically discover, validate, triage, and track security vulnerabilities from internal teams, automated scanners, and external security researchers.
Manage the full vulnerability lifecycle, from initial report through rescan validation, applying concepts such as severity scoring (CVSS), KEV prioritization, risk acceptance, ownership assignment, and aging governance.
Support zero-day escalation events: rapidly iterate through the VM lifecycle, produce custom impact reports, and drive time-sensitive remediation decisions.
Apply working knowledge of DevSecOps tooling including SAST, SCA, DAST, container scanning, secrets scanning, and SBOM generation.
Continuously hunt for exploitable vulnerabilities across applications, infrastructure, developer toolchains, and AI model pipelines.
Perform comprehensive security assessments across AI development workflows, documenting findings with reproduction steps, exploitability analysis, impact assessment, and actionable remediation guidance.
Build automated security testing tools and agentic workflows — leveraging LLM-driven pipelines — to scale vulnerability discovery, threat emulation, and CI/CD security gating across Stub APIs and build pipelines.
Advocate for and drive the creation and deployment of new detection mechanisms, paved-path security solutions, and offensive tooling improvements.
Lead security outreach efforts including post-mortem reviews, vulnerability disclosure coordination, and security advocacy programs.
Provide security training and conduct outreach sessions with internal development teams to embed a security-conscious culture across AISW.
Collaborate across business units (Auto BU, MLG, QSIO) on security feature enablement, product sign-off, and risk treatment decisions.
Manage security update release processes and support coordination and disclosure activities with customers and OEM partners.
Minimum Qualifications:
Bachelor's degree in Computer Science, Engineering, Information Systems, or related field and 2+ years of Hardware Engineering, Software Engineering, Systems Engineering, or related work experience.
OR
Master's degree in Computer Science, Engineering, Information Systems, or related field and 1+ year of Hardware Engineering, Software Engineering, Systems Engineering, or related work experience.
OR
PhD in Computer Science, Engineering, Information Systems, or related field.
Preferred Qualifications:
Master's degree in Computer Science, Cybersecurity, Electrical Engineering, or a related field.
2+ years of experience in offensive or product security roles, inclusive of software development experience.
2+ years of hands-on penetration testing, product security assessment, application security, cloud security, or equivalent offensive security experience.
Experience performing security activities across one or more SDLC phases: security design review, threat modeling, secure code review, and security testing.
Experience building or evaluating AI-driven vulnerability discovery pipelines.
Experience with reverse engineering and low-level systems analysis (IDA Pro, Ghidra, LLDB).
Proficiency in Python and/or C/C++; experience with scripting for security automation and code review.
Familiarity with DevSecOps tooling: SAST, SCA, DAST, container scanning, secrets scanning, and SBOM tooling.
Working knowledge of vulnerability management concepts: CVSS, KEV, false positives, rescan validation, risk acceptance, and dependency management.
Familiarity with global automotive cybersecurity regulations and standards, including ISO/SAE 21434 and UN R155.
Experience on product security for embedded devices, which may include a subset of the following skillsets: Device integrity and authentication, Secure communications, Trusted execution environment (TEE), Protected virtualization and platform isolation techniques, Embedded/real time OS security, Hardware access control, Secure provisioning and debug, Key management and applied crypto.
Excellent written and verbal communication skills, with the ability to collaborate effectively across engineering, product, and leadership teams.
Proven track record in security research, vulnerability discovery, or security publication.
Familiarity with global regulations and industry standards, including ISO/SAE 21434, UN R155, GDPR, and CRA.
Knowledge of adversarial machine learning and model robustness techniques (e.g., MITRE ATLAS).
Experience working in regulated environments, including automotive, healthcare, finance, or defense.
Strong understanding of secure software development practices and cloud security (AWS, Azure, or GCP).
Industry certifications such as OSCP, OSED, GXPN, GREM, CISSP, CISM, or equivalent GIAC certifications.
Proficiency in one or more programming languages: Python, C, or C++.
Solid understanding of common vulnerability classes: memory corruption, logic flaws, and authentication bypass.
Strong understanding of modern AI/LLM system failure modes (e.g., prompt injection, data exfiltration, model misuse).
Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail disability-accomodations@qualcomm.com or call Qualcomm's toll-free number found here. Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able to participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. (Keep in mind that this email address is used to provide reasonable accommodations for individuals with disabilities. We will not respond here to requests for updates on applications or resume inquiries.)
To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications.
EEO Employer: Qualcomm is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or any other protected classification.
Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law.
Pay range and Other Compensation & Benefits
$140,800.00 - $211,200.00
The above pay scale reflects the broad, minimum to maximum, pay scale for this job code for the location for which it has been posted. Even more importantly, please note that salary is only one component of total compensation at Qualcomm. We also offer a competitive annual discretionary bonus program and opportunity for annual RSU grants (employees on sales-incentive plans are not eligible for our annual bonus). In addition, our highly competitive benefits package is designed to support your success at work, at home, and at play. Your recruiter will be happy to discuss all that Qualcomm has to offer – and you can review more details about our US benefits at this link.
If you would like more information about this role, please contact Qualcomm Careers.
