Job Description

Xperi invents, develops and delivers technologies that create extraordinary experiences at home and on the go for millions of people around the world. Powering billions of consumer electronics, connected cars and digital content titles, we make entertainment more immersive, driving more intelligent and every interaction seamlessly personalized through our renowned consumer brands: DTS, HD Radio(TM) and TiVo.

Xperi (NYSE: XPER) is a publicly traded technology company headquartered in San Jose, CA with over 2,000 employees across North America, Europe and Asia. Come join a thriving team where you can play an integral role in shaping the future of entertainment technology.

About the role:

We are seeking an experienced Senior Product Security Engineer to lead cloud security initiatives across the Xperi enterprise to protect information assets including Xperi Infrastructure, Xperi Services, and Xperi Data. The ideal candidate will have a thorough understanding of complex IT systems, stay updated with the latest security standards, systems, and authentication protocols, and have extensive experience with various cloud services and resources.

What you will get to do:

Responsibilities

Serve as a security subject matter expert with in-depth knowledge of cloud security. Provide technical leadership to continually improve the security posture of Xperi cloud infrastructure and services. Secure enterprise information by determining security requirements; planning, implementing, and testing security systems; reviewing security standards, policies, and procedures. Perform threat modeling and risk assessment, document and present the findings to business leaders. Establish collaborative working relationships with IT and business development teams to ensure cloud solutions are securely integrated with existing software and infrastructure. Design, develop, and deploy scalable cloud-based security solutions. Perform vulnerability testing, risk analyses, and security assessments. Conduct cloud security audits and ensure necessary security controls are in place. Monitor and respond to security incidents and breaches. Keep abreast of the latest security issues, regulatory changes, and industry trends. Conduct security training and awareness programs to educate staff about cloud security risks and responsibilities. Regularly report on the status of cloud security, including any breaches or vulnerabilities. Work with third-party vendors to ensure that security requirements are met. Maintain compliance with all relevant security and privacy laws and regulations.

DevSecOps Requirements:

Champion the integration of security practices within the DevOps lifecycle, ensuring security is embedded from development through deployment. Collaborate with development, operations, and QA teams to implement automated security checks in CI/CD pipelines. Define and enforce secure coding standards and conduct code reviews to identify vulnerabilities early in the development process. Utilize tools for static and dynamic application security testing (SAST/DAST), software composition analysis (SCA), and container security. Monitor and respond to security alerts from DevOps toolchains and cloud-native environments. Drive the adoption of Infrastructure as Code (IaC) security practices and ensure compliance with security policies in automated deployments. Provide guidance on secure configuration management and secrets handling across development and production environments. Continuously evaluate and improve DevSecOps processes to align with evolving threat landscapes and compliance requirements.

Collaboration with Business Owners

Work closely with business owners to understand their security needs and requirements. Provide guidance and recommendations to business owners on best practices for cloud security. Ensure that security measures align with business objectives and do not hinder business operations. Communicate security risks and mitigation strategies to business owners in a clear and understandable manner. Assist business owners in developing and implementing security policies and procedures that meet their specific needs.

Who we are looking for:

Qualifications

Minimum of 5-7 years of experience in IT security, with at least 3 years focused on cloud infrastructure. Deep understanding of cloud platforms (AWS, Azure, GCP) and their native security tools and services. Strong experience with infrastructure-as-code (IaC) security (e.g., Terraform, CloudFormation). Proficiency in scripting languages (Python, Bash, PowerShell) for automation and tooling. Solid grasp of networking concepts, firewalls, VPNs, and secure communication protocols. Experience with container security (e.g., Docker, Kubernetes) and CI/CD pipeline security. Familiarity with compliance frameworks such as NIST, ISO 27001, SOC 2, and GDPR. Hands-on experience with SIEM, EDR, and vulnerability management platforms. Strong analytical and problem-solving skills with attention to detail. Excellent communication skills with the ability to influence and educate stakeholders at all levels. Relevant certifications such as CISSP, CISM, CCSP, AWS Certified Security - Specialty, or Azure Security Engineer Associate are highly desirable.

Life @ Xperi:

At Xperi, we value People, Customers, Performance and Innovation. We are dedicated to creating a workplace where all employees have a voice and sense of belonging, feel safe and valued, and are acknowledged for how their unique differences contribute to organizational culture and business outcomes.
Our employees and their families are important to us, and our comprehensive pay, stock and benefits programs reflect that. Xperi supports personal well-being, builds financial security and enables employees to share in our collective success.
Rewards include:Competitive compensation (salary, equity and bonuses) and comprehensive benefits designed to foster work-life balance, care for your health, protect your finances and help you save and invest for the future. Generous paid time away from work, including flexible time off, holidays and sick time, health and wellness initiatives, and a charitable match program to help you give back to your community. Great perks, which vary by location and can be site-specific: employee discounts, transportation reimbursements, subsidized cafes and fitness facilities. * A flexible, hybrid work environment combining the best of in-office collaboration and community-building along with the benefits of working from home.