Cyber Security Engineer

Qualifications:

• Graduate/Post Graduate in Computer Science, IT Security, or related fields.
• 5-7 years of IT experience with a minimum of 3 years experience in IT Security.

Demonstrated Expertise:

• Developing products and services for customers.
• Security architecture and design.
• Threat and risk analysis, threat modeling, and security risk analysis.
• Security vulnerability monitoring and third-party software security evaluation.
• Security incident handling and security forensic analysis.
• Automated security tooling, vulnerability scanning, and code analysis.
• Fuzz testing and penetration testing.
• Secure coding and design guidelines, secure software development lifecycle processes.
• HIPAA/HITECH regulations and FDA cybersecurity regulations for medical devices.
• Standards: IEC 62443, NIST SP 800-x, IEC 80001, CLSI AUTO11-Ax, ISO 27001, etc.
• Certification such as Certified Information Systems Security Professional (CISSP) or Certified Secure Software Lifecycle Professional (CSSLP) or equivalent is beneficial.

Areas of Responsibility:

• Support project teams in conducting security activities during the development process, project management process, services, and product/solution release.
• Participate in incident response teams and escalation of security incidents.
• Engage in threat and risk analysis workshops.
• Provide expertise and support in security tools to product teams.
• Conduct product and solution security training and development of training materials.
• Develop and maintain security guidelines for product development teams.
• Collect security-related lessons learned and feed them into continuous improvement activities (e.g., update guidelines, reporting to PSSOs, integration in awareness materials).
• Stay up-to-date on the latest security threats and technologies.
• Support the development of the PSS community within the organization, including experience exchange both internally and externally.
• Support multiple projects simultaneously and prioritize tasks accordingly.

Internal Contacts:

• CYSO, CYSEs within other business units
• Product Owners, Project Managers, Development and Test teams, Architects
• Quality and Risk Management, Business Management

External Contacts:

• Security community, external companies (collaboration, standardization)
• Customer's security representatives