Senior / Lead – Embedded Software Security

At Quest Global, it’s not just what we do but how and why we do it that makes us different. With over 25 years as an engineering services provider, we believe in the power of doing things differently to make the impossible possible. Our people are driven by the desire to make the world a better place—to make a positive difference that contributes to a brighter future. We bring together technologies and industries, alongside the contributions of diverse individuals who are empowered by an intentional workplace culture, to solve problems better and faster.

Customer is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. The company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems.

It's not just about your career... or your job title... It's about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters... Do things that haven't been done to make yours and someone else's life better? We have been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, we deliver better outcomes for global customers by speaking the language of industry.

To strengthen our Cybersecurity Assessment and Operations team to cater the need of CATO (Cyber Security Authorization to Operate) support, we are now looking for - Sr/Lead Engineer – Embedded Software Security

Job Summary:

As a Security Software Designer, you will be responsible for designing, developing, and implementing software solutions that protect systems and networks from cyber threats. You will work closely with cross-functional teams to ensure that security is integrated into every phase of the software development lifecycle.

Primary responsibilities:

• Carry security assessment Complying to Organizational CATO requirements on Embedded Product Using Threat Model, Threat & Risk Analysis and vulnerability analysis.

• Bring up the Security Architecture and Design as per the Need of the project to mitigate / Remediate the threats and Get final Cybersecurity approval for Release.

• Design and Develop the Secure Embedded software applications

• Analyze and propose mitigation for Security scan results - SAST, DAST, SCA and FST requirements.

• Collaborate with Development team of Different Product lines to propose and integrate the secure Practices in product design lifecycle

We are known for our extraordinary people who make the impossible possible every day. Questians are driven by hunger, humility, and aspiration. We believe that our company culture is the key to our ability to make a true difference in every industry we reach. Our teams regularly invest time and dedicated effort into internal culture work, ensuring that all voices are heard.

We wholeheartedly believe in the diversity of thought that comes with fostering a culture rooted in respect, where everyone belongs, is valued, and feels inspired to share their ideas. We know embracing our unique differences makes us better, and that solving the worlds hardest engineering problems requires diverse ideas, perspectives, and backgrounds. We shine the brightest when we tap into the many dimensions that thrive across over 21,000 difference-makers in our workplace.

Qualification / Requirement:

• Bachelor’s / Master’s degree in CS/E&C/IS with Overall Working experience of 8+ Years in Embedded System with Cybersecurity

• Proven experience in Secure software design development with security practices.

• Strong understanding of security protocols, cryptography, and secure coding techniques.

• Excellent problem-solving skills and attention to detail.

Essential Requirements:

• Very strong technical knowledge on Secure Embedded system Design and Implementation in Bare Metal & Embedded Linux – Secure Boot, Serial, USB, Ethernet and IoT

• Hands experience with Programming Language C, C++ and Python

• Secure Design Patterns & Principles, Standards IEC62443, NIST 800 Standard, OWSAP, CWE

• Working experience with Network Protocols, network Infrastructure and services in Embedded Linux- Firewalls, Router, Switches, VPN, HTTP, SSH, SFTP, FTP, TFTP, SNMP, DHCP, MQTT, MQTTS, NTP etc.,

• Cryptographic Concept - Storage of passwords, accounts, keys, Certificates use, Crypto Key Management, Key Generation and Key Usage

Desired Requirements :

• Sound Knowledge on the Network Security Protocols HTTPS, SSL, TLS

• Authentication and Authorization

• Gitlab Repository and Pipeline Concept

• Design and Development experience in FPGA, PLC, Cloud and IOT based secure systems

• Study and Propose best Security design Solution to meet the project needs

• Understand and Comply to customer proposed security Requirements and Standards

• Risk Assessment

• Security Scan tools Knowledge Polaris, Blackduck etc.…

• Ability to perceive the system knowledge and Analyze the Threat Surface and Vector of threat

• Proficient enough to Propose and Conceptualize the Security solution based on the Technology domain

Work Model: Hybrid (3 Days a week), May change from time to time based on the Organization policies

Travel: Domestic/International - Minimal Based on project need

Physical Requirement:

• Shall be able to be work on hybrid model at Bengaluru facility and collaborate with team members

• Efficient enough to work long hours on Laptop / System as required by project needs