Cybersecurity Lead

Job description

Job Responsibilities:

• As Cyber Security Lead you are responsible for addressing security and risk through the whole value chain of product development.
• You participate in all stages of hardware, software, and network product development and integration.
• You identify vulnerabilities and risk, advising on the best approach from requirements definition all the way through release and eventual decommissioning.
• You manage and monitor attacks and intrusions directed at our systems, in coordination with our corporate security team.
• Your goal is to prevent, detect, act upon, and defend us against cyber threats.
• You will actively work and coordinate with the Global Lead, Cyber Security and Compliance.
• You will develop and train colleagues in incident response disciplines in case of a breach.
• You will proactively identify and remediate security gaps.
• You have subject matter expertise in IoT, Controls Networks, Network Engineering, and Factory Acceptance Testing.
• Duties will include but not be limited to providing support for Governance, Risk, Cybersecurity & Compliance in the area of IoT system security, preparation of documentation in support of audits, and conducting cyber security and vulnerability assessments.

Job Qualifications:

• Bachelor's degree in Computer Science, Business Administration, Engineering, and Information Services (or the equivalent of education and progressive responsible experience)
• Minimum of 7 years of Information Technology or Operating Technology experience, with 6 years of direct experience in IoT cybersecurity functions
• Architected security across all stages of the IoT product lifecycle: manufacturing, deployment planning, commissioning, runtime, and eventual decommissioning
• Experience defining & disseminating functional requirements and feedback from the market to internal business and engineering teams
• Supported product features by writing specifications and test plans, assisting development and test efforts, managing deployments and audits, and documenting new capabilities as they relate to cybersecurity
• Implemented automated pentests, static code analyzers, vulnerability scanners, active monitoring systems, and other risk reduction tooling
• Designed & iterated on forensics playbooks that use event logs, asset inventories, device telemetry, and various other data sources
• Familiar with relevant communication protocols and their security implications: TCP/IP, TLS, JSON, Protobuf, Modbus, BACnet, MQTT, etc.
• Familiar with relevant programming platforms and languages: Linux, Ubuntu, Python, Go, Kubernetes, Azure, React, SQL, etc.
• Comfortable working with hardware and embedded software, including various microprocessors, TPMs, bootloaders, etc.
• Developed technical or process documentation required to support project evaluation and deployments
• Managed incident response processes and assisted/conducted incident response planning, including the investigation, monitoring, and communication of security breaches
• Hands-on experience implementing communication networks, including: multi-layer network architectures, DMZ, jump/proxy servers, firewall rules, etc.

Preferred:

• Security accreditations: CIoTSP, CISSP, ISSAP, CISM, CEH, SANS certifications, CSSA, etc.
• Project management experience
• Networking certifications: CompTIA Network+, CCNA, CCNP, etc.
• Knowledge and experience of a broad range of policy, standards and common risk management methodologies: SOC2, NIST, ISO 27001/27002, COBIT, ITIL, ISO 9000/2000, etc.