Senior/Staff Security Engineer - Fuzzing Specialist
Company: Arm
Job Overview
As a Security Engineer – Fuzzing Specialist, you will own and evolve our coverage-guided fuzzing program. Your mission is to uncover hard-to-reach security flaws before attackers do, drive fixes to closure, and help product teams to embrace dynamic testing like fuzzing. You’ll scout for new attack surfaces, craft high-performance fuzzing harnesses, and design custom sanitisers that push the state of the art. Success means measurable coverage gains, actionable crash reports, and products that ship with provable resilience.
Responsibilities
* Map & prioritize fuzzing surfaces across services, libraries, APIs, and protocols; maintain a living risk-based roadmap.
* Design, build, and extend fuzzing harnesses (libFuzzer, AFL++, Honggfuzz, etc.) that improve code-path exploration and minimize false positives.
* Continuously improve coverage by growing seed corpus, deploying targeted mutation strategies, and integrating new instrumentation techniques.
* Automate crash triage & root-cause analysis; distinguish exploitable vulnerabilities from benign faults and drive CVE-level findings to remediation.
* Develop custom sanitisers to expose classes of bugs traditional fuzzing misses.
* Validate fixes & guard against regressions through differential fuzzing and regression corpora.
* Assess external disclosures (bug bounties, supply-chain advisories) to determine fuzzing detectability and refine harnesses when gaps are found.
* Document, report, and share insights, from coverage metrics to post-mortems, to create data-driven security.
Required Skills and Experience
* 1+ years in application or product security with a deep focus on coverage-guided fuzzing.
* Hands‑on expertise with at least one modern fuzzing framework (e.g., libFuzzer, AFL++, Honggfuzz).
* Proficient in C/C++ plus strong scripting ability in Python for automation.
* Solid understanding of memory‑safety vulnerabilities, undefined behavior, sanitisers, and compiler instrumentation.
* Demonstrated ability to triage crashes using debuggers, profilers, and reverse‑engineering tools (gdb/lldb, IDA/Ghidra).
* Excellent written communication for documenting findings and influencing engineering teams.
Nice to Have Skills and Experience
* Contributions to open‑source fuzzing tools, sanitisers, or security research publications.
* Knowledge of distributed fuzzing at scale (GCP/AWS, Kubernetes, or bare‑metal clusters).
* Familiarity with kernel, embedded, or firmware fuzzing (e.g., Syzkaller, QEMU‑based harnesses).
* Background in reverse engineering, static analysis or symbolic execution.
* Experience integrating fuzzing into CI/CD pipelines and tracking coverage metrics.
Seniority Level
Mid‑Senior level
Employment Type
Full‑time
Job Function
Information Technology
Industries
Semiconductor Manufacturing, Software Development, and Computer Hardware Manufacturing
Equal Opportunities at Arm
Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Accommodations at Arm
At Arm, we want our people to do great things. If you need support or an accommodation to be your brilliant self during the recruitment process, please email accommodations@arm.com. All accommodation requests will be treated with confidentiality, and information concerning these requests will only be disclosed as necessary to provide the accommodation.