Technical Specialist - Product Cyber Security

Role Overview:

Product Cyber Security Specialist/Architect

What will you do:

• Work with product development teams and carry out functional cyber risk assessments to identify applicable cybersecurity requirements throughout the entire development cycle.

• Develop standard work documents for cyber controls that meet technical requirements (for both systems and components) arising from standards such as IEC 62443

• Coordinate with quality and product development teams to periodically update cyber security design policies

  and ensure that these policies are incorporated into product design, with requirements for traceability and system validation and verification.
• Lead or support the standard work associated with product cyber security incident response management
• Work closely with the product testing teams to validate recommended security controls
• Continually enhance the capabilities of the Cyber security team:
• Identification of technology and methodology gaps
• Participation and leading technical and industry committees
• Creation of discipline health score card.
• Work in an environment of continuous improvement and lean process and product development.
• Stay updated on latest cyber security hacking news, technologies and methodologies including:
• The latest attack methodologies include penetration testing and red-team methodologies.
• Latest forensic and incident response methodologies.
• Attend security or hacker conferences and stay on the cutting edge

What You Will Need:

• 10+ years of experience with focus on product cybersecurity and hardening methods on various products such as embedded, IoT, cloud or mobile

• 2+ years hands-on experience with penetration testing methodologies and tools.

• In-depth knowledge of IEC 62443 or similar recognized cybersecurity standards and frameworks.

• In-depth knowledge of state-of-the-art cybersecurity controls and mitigation methods
• Working knowledge on developing cyber security threat modeling and systematic discovery of threats throughout product lifecycle
• Experience of risk assessment and risk treatment strategies utilizing recognized risk management frameworks.
• Knowledge of state-of-the-art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools

• Excellent written and verbal communication and presentation skills. Adept at communicating with globally disperse cross functional teams.

• Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline

What is Nice to Have:

• Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems
• Intimate knowledge and experience with incident response management and risk assessment
• Collaboration and contribution on global standards and/or related published paper

• Valid cyber security certifications such as OSCP, GSEC, CEH