National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Senior/Staff Security Engineer

Arm Limited
Cambridge
2 weeks ago
Create job alert

Job Overview:

As aSecurity Engineer – Fuzzing Specialist, you will own and evolve our coverage-guided fuzzing program. Your mission is to uncover hard-to-reach security flaws before attackers do, drive fixes to closure, and help product teams to embrace dynamic testing like fuzzing. You’ll scout for new attack surfaces, craft high-performance fuzzing harnesses, and design custom sanitisers that push the state of the art. Success means measurable coverage gains, actionable crash reports, and products that ship with provable resilience.

Responsibilities:

  • Map & prioritise fuzzing surfacesacross services, libraries, APIs, and protocols; maintain a living risk-based roadmap.
  • Design, build, and extend fuzzing harnesses(libFuzzer, AFL++, Honggfuzz, etc.) that improve code-path exploration and minimise false positives.
  • Continuously improve coverageby growing seed corpus, deploying targeted mutation strategies, and integrating new instrumentation techniques.
  • Automate crash triage & root-cause analysis; distinguish exploitable vulnerabilities from benign faults and drive CVE-level findings to remediation.
  • Develop custom sanitisersto expose classes of bugs traditional fuzzing misses.
  • Validate fixes & guard against regressionsthrough differential fuzzing and regression corpora.
  • Assess external disclosures(bug bounties, supply-chain advisories) to determine fuzzing detectability and refine harnesses when gaps are found.
  • Document, report, and share insights— from coverage metrics to post-mortems to create data-driven security.

Required Skills and Experience :

  • 1+ years in application or product security with a deep focus on coverage-guided fuzzing.
  • Hands-on expertise with at least one modern fuzzing framework (e.g.,libFuzzer,AFL++,Honggfuzz).
  • Proficient inC/C++plus strong scripting ability inPythonfor automation.
  • Solid understanding of memory-safety vulnerabilities, undefined behaviour, sanitisers, and compiler instrumentation.
  • Demonstrated ability to triage crashes using debuggers, profilers, and reverse-engineering tools (gdb/lldb, IDA/Ghidra).
  • Excellent written communication for documenting findings and influencing engineering teams.

“Nice To Have” Skills and Experience :

  • Contributions to open-source fuzzing tools, sanitisers, or security research publications.
  • Knowledge ofdistributed fuzzing at scale(GCP/AWS, Kubernetes, or bare-metal clusters).
  • Familiarity with kernel, embedded, or firmware fuzzing (e.g., Syzkaller, QEMU-based harnesses).
  • Background in reverse engineering, static analysis or symbolic execution.
  • Experience integrating fuzzing intoCI/CD pipelinesand tracking coverage metrics.

If you’re passionate about breaking software safely, love high-coverage charts, and want to make a measurable dent in product security, we’d love to hear from you!

#LI-JG1

Accommodations at Arm

At Arm, we want to build extraordinary teams. If you need an adjustment or an accommodation during the recruitment process, please email . To note, by sending us the requested information, you consent to its use by Arm to arrange for appropriate accommodations. All accommodation or adjustment requests will be treated with confidentiality, and information concerning these requests will only be disclosed as necessary to provide the accommodation. Although this is not an exhaustive list, examples of support include breaks between interviews, having documents read aloud, or office accessibility. Please email us about anything we can do to accommodate you during the recruitment process.

Hybrid Working at Arm

Arm’s approach to hybrid working is designed to create a working environment that supports both high performance and personal wellbeing. We believe in bringing people together face to face to enable us to work at pace, whilst recognizing the value of flexibility. Within that framework, we empower groups/teams to determine their own hybrid working patterns, depending on the work and the team’s needs. Details of what this means for each role will be shared upon application. In some cases, the flexibility we can offer is limited by local legal, regulatory, tax, or other considerations, and where this is the case, we will collaborate with you to find the best solution. Please talk to us to find out more about what this could look like for you.

Equal Opportunities at Arm

Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.


#J-18808-Ljbffr

Related Jobs

View all jobs

Senior/Staff product security engineer

Senior/Staff Application Security Engineer (Bangkok based, relocation provided)

Senior Security Engineer

Senior Security Engineer

Staff Security Engineer

Senior Azure Cloud Security Engineer

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Cyber Security Jobs Skills Radar 2026: Emerging Frameworks, Tools & Certifications to Learn Now

Cyber threats are evolving—and so must the people defending against them. As ransomware, AI-enhanced phishing, and supply chain attacks grow more advanced, UK employers are urgently hiring cyber security professionals with the right mix of strategic and hands-on skills. Welcome to the Cyber Security Jobs Skills Radar 2026, your go-to guide for the most in-demand tools, frameworks, certifications, and technologies shaping the UK's cyber workforce. Whether you're a SOC analyst, penetration tester, or cloud security architect, this annual radar is designed to help you stay ahead of the market.

How to Find Hidden Cyber Security Jobs in the UK Using Professional Bodies like BCS, CIISec & More

The demand for skilled cyber security professionals in the UK has never been higher. With threats increasing in sophistication and frequency, organisations are urgently hiring ethical hackers, threat analysts, GRC specialists, and security architects. But many of the most valuable roles—particularly in government, defence, and critical infrastructure—are never publicly advertised. Instead, these jobs are shared behind the scenes through trusted networks, private communities, and professional bodies. In this article, we explore how to uncover hidden cyber security jobs in the UK using organisations like the BCS (The Chartered Institute for IT), CIISec (The Chartered Institute of Information Security), ISACA, and ISC² UK Chapter. We’ll show you how to use membership directories, special interest groups, CPD events and informal networks to gain early access to roles most people never see.

How to Get a Better Cyber Security Job After a Lay-Off or Redundancy

Redundancy is never easy—especially in a fast-moving field like cyber security, where your skills and experience are constantly evolving. But if you’ve recently been made redundant from a cyber security role, know this: the UK cyber workforce remains in high demand, and your expertise is more valuable than ever. Whether you’re a SOC analyst, penetration tester, incident responder, security architect or GRC specialist, there are still thousands of opportunities across sectors including finance, defence, government, retail, and critical infrastructure. This guide will help you turn redundancy into a career relaunch, with a clear action plan tailored to the UK cyber security job market.