Sr Advanced Cyb Sec Archt/Engr

Key Responsibilities:

Cybersecurity Design & Implementation:

• Lead the design and implementation of robust cybersecurity solutions for building automation systems.
• Conduct thorough security assessments, identify vulnerabilities, and propose risk mitigation strategies to enhance system security.

Security Assessments & Risk Analysis:

• Perform security assessments, including threat modeling, vulnerability assessments, and risk management, to ensure the security of products and systems.
• Provide actionable insights to mitigate identified risks, ensuring that systems meet high-security standards.

Collaborative Development:

• Work closely with cross-functional teams (product development, engineering, and operations) to integrate security measures into the development lifecycle of products and systems.
• Promote secure software development practices and contribute to ensuring security is prioritized at every stage of product design and development.

Mentorship & Guidance:

• Act as a technical mentor for junior cybersecurity professionals, offering guidance on security best practices and career development.
• Foster a culture of cybersecurity awareness and continuous learning within the team.

Incident Response:

• Participate in incident response activities, bringing your expertise to promptly resolve security incidents and minimize their impact.
• Analyze and learn from security incidents to strengthen security measures and improve future responses.

Qualifications:

Must Have:

• 5+ years of software development experience, with at least 2 years focused on developing secure systems.
• Background in product architecture and development, with experience in the secure software development lifecycle (SDLC) and security by design principles.
• Extensive experience in:
• Security requirements reviews
• Threat modeling
• Security architecture & design reviews
• Secure code reviews
• Vulnerability assessments and risk management.
• Proficiency with commonly used security tools, including:
• SD Elements, BlackDuck Hub, Microsoft Threat Modeling Tool
• SAST tools like Coverity, SonarQube
• DAST tools like Burp Suite, ZAP, AppSpider
• Fuzzing and vulnerability management tools.
• In-depth knowledge of cybersecurity technologies, frameworks, and best practices.
• Strong interpersonal and leadership skills, with the ability to negotiate priorities and resolve conflicts among stakeholders.
• Excellent communication skills to convey complex technical concepts to both technical and non-technical stakeholders.

We Value:

• Bachelor's or advanced degree in Cybersecurity, Computer Science, or related field.
• Proven leadership skills with experience managing cybersecurity teams and driving security initiatives.
• Experience and hands-on knowledge of penetration testing methodologies and tools.
• Up-to-date knowledge of current and emerging security threats, and techniques for exploiting vulnerabilities.
• Understanding of Agile software development practices and how to implement them within cybersecurity frameworks.
• Sound understanding of cryptography, encryption algorithms, PKI, secure boot, and open-source risk management.
• Relevant security certifications, such as CSSLP, CISSP, or other industry-recognized credentials.