IT & Security Product Specialist
The position primarily deals with the end-to-end security of assigned products and involves working closely with R&D staff to achieve product and security objectives.
It requires a deep understanding of key aspects of the hardware, software, protocol, cloud and related infrastructure technology stack, as well as familiarity with security best practices and methodologies.
• Perform architecture reviews as part of the product security process
• Perform security risk assessments and penetration tests
• Contribute to the development of security requirements/use cases
• Influence product features and roadmaps
• Manage and implement security in assigned products
• Support security compliance/regulatory documentation
• Build capabilities and tools, and help automate where possible, driving improvements to product security process and practices
• Lead vulnerability/incident assessment in alignment with security vision
Qualifications (demonstrated competence):
- Bachelor’s Degree
- 4-5 years of experience in the security space, preferably in product (hardware, software, cloud or mobile app) development
- Industry experience in a regulatory environment (a plus)
- The ability to fluently read, write, understand, and communicate in English
- Demonstrable knowledge and experience in one or more of the following areas:
- Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP Top 10, CERT Secure Coding Standards.
- Experience leading secure architecture, design, and code reviews
- Operating Systems: Windows/Linux/Ubuntu/Android
- Cloud containers and security controls for IaaS, PaaS and serverless: AWS, Google Cloud Platform, Azure, identity and management, encryption/data protection, key management, software security, cloud development areas
- Direct development experience in languages including C/C++ (x86 or ARM), Python, and Java; Go or Swift experience desirable
- Secure development processes, including threat modeling, security requirements, test automation, vulnerability management, etc.
- Familiarity with security vulnerability detection and security test automation tools such as Qualys, Nessus, Burp Suite, Metasploit, and Klocwork.
- Excellent written and verbal communication skills; must understand and be able to deliver security concepts and challenges to various levels within the organization (e.g. developers, program management, business leaders)
- System security engineering
- Embedded device security
- Application or system hardening
- Security Testing / Penetration Testing
- Cloud security
- CEH: Certified Ethical Hacker
- CISM: Certified Information Security Manager
- CompTIA Security+
- CISSP: Certified Information Systems Security Professional
- CISA: Certified Information Security Auditor