Product Security Specialist

Job Description

Job Description Summary We are looking for a smart, security-minded, enthusiastic and friendly cyber security advisor who can work collaboratively with development teams to complete design and SDLC work for Products and Systems. Product Cyber-security Specialist is responsible for the analysis of controllers, systems for cyber security requirements. Conduct tests to verify Cyber security levels and recommend mitigation plans for products, systems during product development stages. As a member of a global and matrixed team, she/he will also be responsible for guiding secure design, testing of different products, control systems. Job Description Essential Responsibilities Involve in reviews, suggest changes, conduct tests to ensure systems, controllers to meet Cyber security requirements. Facilitate decisions and bring teams together to design and document software architecture, modularity, and future- proofing. Support/Involve development of proofs-of-concept to prove out strategy and manage development and product risks. Support production of technical documentation for software architecture, design, verification plans. Engage with development teams and ensure all software developed is compliant to Cyber-security requirements. Collaborate with a team of controls and system engineers developing operational technology software for various subsystems. The position requires an understanding of OT System, cloud application architecture and conversant with all Cyber security requirements. This role requires strong cooperation with system and subsystem teams necessary for command and control of the systems involved. Work with multiple teams in different location to identify vulnerability, suggest remediation to the software to meet customer requirements. Contribute to multi-generation product and tool planning. Qualifications/Requirements Bachelor in computer science/Cyber Security or relevant engineering or equivalent knowledge / experience with 0-1 Years of Experience. Good understanding in Cyber security for Controller, Systems in OT Space. Familiar with penetration testing for Controllers, Systems, Web software’s, CAPEC, Ethical hacking. Good Knowledge/worked on Cyber security tools and solutions like Wireshark, NESSUS, Burp Suite, Nmap, Nozomi, Claroty, Splunk, Acronis, Ivanti, etc. Knowledge in different phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing. Knowledge on web technologies like JavaScript, jQuery, AJAX, JSON, AngularJS, Angular 6, NodeJs, Spring, Hibernate, Spring boot, MVC, RESTful Web Services, Flux, SOAP will be an added advantage. Knowledge on database RDBMS, MySQL NoSQL databases will be an added advantage. Software component: MS Visual Studio, MS Office, MS Visio, SVN, GitHub Linux and Windows OS Familiar with ISA 624443, NIST 800 standards will be an added advantage. Familiar on active directory, certificate management and hardening w.r.t CIS benchmarks for critical assets like switches, windows-based workstation and controllers. Familiar with threat modelling and risk assessment for OT products Additional Information Relocation Assistance Provided: Yes Show more Show less