Embedded Engineering Cybersecurity Consultant

Embedded Engineering Cybersecurity Analyst

WFH opportunity.

Roles & Responsibilities:

• Work with the runtime Cybersecurity Advisor/Coach to ensure each 

  release of the runtime SDK is developed according to Secure Development Lifecycle (SDL)

  , to meet internal and external cybersecurity standards, regulatory compliance, and the needs of customers. 

• Provide cybersecurity expertise through guidance in architecting, designing and threat model mentoring to members during the development cycle.

   Perform 

  cybersecurity code review for pull requests

   as part of the SDL process. 

• Evaluation, tracking, and resolution of product and runtime cybersecurity issues

   and 

  related technical debt in 3rd party packages, reported both internally and from external sources, such as:

1. Cybersecurity vulnerabilities (CVEs)

2. OS/package patches: Debian GNU/Linux, VxWorks

3. Commercial/FOSS packages: Mongoose, UA-HPSDK, OpenSSL

   , 

   mbedTLS, fmt, libyuarel, Frozen, optionparser, zlib, among others.

• Management and use of tools for static and dynamic code analysis

   (Coverity, SQuORE, Halgrind, Valgrind, CppCheck) and 

  Software Composition Analysis

   (Black Duck Binary Analysis, Black Duck Hub) in 3rd party packages and the current code base, while maintaining the mentioned:

1. Address false-positive findings, evaluate and triage bugs, and resolve or assign to an SME as appropriate.

2. Evaluate BDBA/BDH findings and work with the runtime teams to resolve.

• Ensure qualimetry data for all significant branches

   (master branch, release branches, component branches) is current and accessible for use by management, with keen attention on the following:

1. Set up to support new releases as needed

2. Regular/scheduled and on-demand scans to timely detect abnormalities.

3. Monitor the changes and notify if the trend is upward

4. Create and update a formal report on branches

• Engineering degree (BS in Electrical, Computer Science, Robotics, or related discipline)

• 8 - 12 years’ experience in code development

   for 

  multi-task embedded systems running in Linux, VxWorks/RTOS, and Windows.

   

• Seasoned programming skills with object-oriented design (C/C++) and scripting languages (Python, Bash, Shell, PowerShell)

• Knowledge of cybersecurity issues common to C/C++. Knowledge of Common Vulnerabilities and Exposures. Knowledge of IEC 62443-4-2.

• Familiarity with Open-source software (OSS), Git, GitHub, Debian GNU/Linux, and Ubuntu.

• Familiarity with Software Composition Analysis (SCA), Static Code Analysis and Static Application Security Testing (SAST), Fuzz testing

• Demonstrate ability to work with cross-functional and global teams, and the ability to align and bring best-in-class processes and coding standards.

• The Ideal consultant should be able to work with members in India, Europe and the U.S. EST time zone.

hiring@araycon.com

Immediate Joiners