What You'll Do
The Senior Cybersecurity Engineer will be part of a global team of security experts driving Security by Design philosophy in Eaton product and solutions.
Lead Cybersecurity Engineer will be part of a global team of Cybersecurity experts driving cybersecurity for Eaton DevSecOps Projects.
He/she Will Be Responsible For
- Working closely with DevSecOps project teams to drive cybersecurity integration, deployment and monitoring in Eaton products.
- Performing Vulnerability Assessment & Penetration Testing on existing and upcoming Eaton products and solutions spanning a wide range of technologies including IoT devices, systems & solutions, web applications, mobile applications, thick clients, wireless devices, embedded systems deployed across industries such as electrical, vehicle, eMobility, hydraulics and aerospace.
- Driving Threat Modeling and Risk Assessment exercise with product teams early in the design and development phase to identify applicable cybersecurity requirements, in line with various cybersecurity standards.
- Providing hands-on guidance to product teams as they implement complex cybersecurity features and requirements in their products, in line with various cybersecurity standards.
- Evangelizing and providing technical security trainings to software developers and test engineers across the organization and evangelizing the importance of cybersecurity in other functions like product / project management & sales /services.
- Monitoring evolving threat landscape, cybersecurity technologies, standards, frameworks and drive continuous improvement in Eaton's cybersecurity requirements, frameworks and processes.
- Working with DevSecOps project teams, to provide continuous threat modeling, risk assessment, SAST, SCA and other automated tool runs, in CI/CD pipelines across scrum teams doing product development in Agile mode.
Qualifications
Bachelor's or master's degree in Computer Science, Electronics Engineering, Electrical Engineering.
7+ years of relevant experience in Product cybersecurity
Skills
The engineer should be -
- Understanding and experience in working across multiple phases of Secure Product Development Lifecycle, performing Penetration Testing of various technologies and Threat Modeling of products, systems and solutions. Focus on Cloud / Industrial IoT products is desirable.
- Coding experience in one or more general purpose languages
- Knowledge of attacks and mitigation in : Cloud-based applications, Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application securtiy, Mobile App security.
- Having a knowledge of CI/CD pipelines, DevSecOps and tools for SAST, SCA and other CI/CD tools.
- Able to understand cybersecurity concepts in depth and be able to apply those concepts to Eaton products for cybersecurity testing.
- Able to perform Threat Modeling and Risk Assessment for Eaton products, (Handson experience in using Threat Modeler tool for Cloud project)
- Having hands-on experience in various Cybersecurity activities including but not limited to - Cybersecurity assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; secure coding; preferably on embedded, ICS and IoT products.
- Having hands on expertise with cybersecurity tools like Nessus, Black Duck, Defensics, Nessus, Burpsuite, Coverity, Kali Linux etc.
- Having Good understanding of security protocols (HTTPS, HSTS, TLS, SSH, 802.11 security, Bluetooth, Zigbee) and ICS protocols (IEC 61850, DNP3, Modbus, WirelessHART, CAN)
- Having knowledge of attacks and mitigation in : Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security.
- Having certifications like CEH, OSCP is a plus.
1) Ability to work in and with diverse & multi-cultural and geographically dispersed teams
- Ability to collaborate across multi-disciplinary teams (legal, IT, product management, project management)
- Ability to present to various levels of engineering and business leadership globally.
- Excellent Documentation Skills
- Be a technical mentor to other members of the team and beyond as needed
