Job
Description
As a Security Software Designer at Wabtec Corporation, you will play a crucial role in designing, developing, and implementing software solutions to safeguard systems and networks from cyber threats. You will collaborate closely with cross-functional teams to ensure that security is seamlessly integrated into every phase of the software development lifecycle. **Key Responsibilities:** - Carry out security assessment in compliance with Wabtec CATO requirements on Embedded Product using Threat Model, Threat & Risk Analysis, and vulnerability analysis. - Establish the Security Architecture and Design based on project requirements to mitigate threats and obtain final cybersecurity approval for release. - Design and develop secure embedded software applications. - Analyze security scan results and propose mitigations for SAST, DAST, SCA, and FST requirements. - Collaborate with Development teams of different product lines to suggest and integrate secure practices in the product design lifecycle. **Qualifications / Requirements:** - Bachelor's/Master's degree in CS/E&C/IS with at least 8 years of overall working experience in Embedded Systems with Cybersecurity. - Proven expertise in secure software design development with a focus on security practices. - Strong understanding of security protocols, cryptography, and secure coding techniques. - Excellent problem-solving abilities and attention to detail. **Essential Requirements:** - Profound technical knowledge of Secure Embedded System Design and Implementation in Bear Metal & Embedded Linux, including Secure Boot, Serial, USB, Ethernet, and IoT. - Hands-on experience with programming languages C, C++, and Python. - Familiarity with Secure Design Patterns & Principles, Standards IEC62443, NIST 800 Standard OWSAP, CWE. - Working experience with Network Protocols, network Infrastructure, and services in Embedded Linux like Firewalls, Routers, Switches, VPN, HTTP, SSH, SFTP, FTP, TFTP, SNMP, DHCP, MQTT, MQTTS, NTP, etc. - Understanding of Cryptographic Concepts such as Storage of passwords, accounts, keys, Certificates use, Crypto Key Management, Key Generation, and Key Usage. **Desired Requirements:** - Sound Knowledge of Network Security Protocols like HTTPS, SSL, TLS. - Understanding of Authentication and Authorization processes. - Familiarity with Gitlab Repository and Pipeline Concept. - Experience in the design and development of FPGA, PLC, Cloud, and IoT-based secure systems. - Ability to study and propose the best Security design Solutions to meet project needs. - Capability to comprehend and adhere to customer-proposed security Requirements and Standards. - Knowledge of Security Scan tools like Polaris, Blackduck, etc. - Proficiency in perceiving system knowledge and analyzing the Threat Surface and Vector of threat. - Skilled in proposing and conceptualizing Security solutions based on the Technology domain. **Work Model:** Hybrid (3 Days a week), may change based on Organization policies. **Travel:** Domestic/International - Minimal based on project requirements. **Physical Requirement:** Must be able to work on a hybrid model at Bengaluru facility and collaborate with team members efficiently. Should be capable of working long hours on Laptop/System as per project needs. --- This job description does not include any additional details about the company.,
