Hiring: Staff Product Security Engineer (Embedded & IoT)
Location: Bengaluru (Hybrid)
Experience: 4-10 Years
Notice Period: Immediate to 30 Days (Preferred)
What you will do:
- Provide technical leadership and guidance to a team of Web, Embedded and IoT Security engineers.
- Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices.
- Leverage DevSecOps to embed security testing (SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation) into all phases of the SDLC.
- Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services.
- Develop and maintain comprehensive test plans, methodologies, and tools for security testing.
- Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies.
- Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions.
- Lead the SBOM Management program, ensuring accurate identification and documentation of software components and dependencies.
- Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management.
What you need:
Required Qualifications:
- Bachelor's or Master's degree in Computer Science Engineering
- 4 to 10 years of experience
- Experience with threat modeling, risk assessment, and security architecture reviews for Embedded Systems and IoT solutions.
- Proficiency in the C, CPP & Python programming languages.
- Familiarity with relevant standards and frameworks such as OWASP, NIST Cybersecurity Framework, and ISO 27001.
- Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context.
Preferred Qualifications:
- Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit, and in DevSecOps principles.
- Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python.
- Understanding of cloud-based environments like Azure and AWS.
- At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams.