Sr. Cyber Security Engineer, can be remote
Cyber security analyst
Farmington, CT based client is seeking a highly motivated and results driven Senior Cyber Security Engineer to join their team.
The team is responsible for driving the product cyber security strategy to strengthen the cyber security posture of legacy and go-forward products and services. The position covers different aspects of the product life cycle, including pre-development, development and post-release.
Our client's products continue to provide differentiated features and services by increasing connectivity and harnessing the power of the Cloud, data analytics, IoT and novel integration mechanisms. As our client's products continue to define and shape new markets, the Cyber Security Team will play a crucial role and have direct measurable impact. The position will be based in Farmington, CT. The successful candidate will be required to travel approximately 20% of the time.
SPECIFIC FUNCTIONS / ESSENTIAL DUTIES:
-Work with global teams to ensure commitment to the cyber security strategy of minimizing flaws and improving product resiliency to cyber attacks by ensuring adherence to the integrated secure development lifecycle process
-Coordinate with both global engineering and DT teams to periodically update cyber security design policies and ensure that these policies are incorporated into product design, with requirements traceability and system validation and verification.
-Continually enhance the capabilities of the Cyber security team:
-Identification of technology and methodology gaps
-Participating in and leading technical and industry committees
-Creation of discipline health score cards
-Develop and maintain plans for legacy product assessment and remediation, creating risk categories and prioritizations and closely working with the business units to develop a clear plan for remediation
-Interface with global teams and share best practices and lessons learned
-Refine and support the standard work associated with product cyber security incident response management
-Stay updated on latest cyber security hacking news, technologies and methodologies including:
-The latest attack methodologies including penetration testing and red-team methodologies.
-Latest forensic and incident response methodologies.
-Attend security or hacker conferences and build up a network of associates
-Work in an environment of continuous improvement and lean process and product development.
Education and Experience Requirements:
-Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline (at a minimum)
-8+ years of cyber security engineering and software systems development experience
-In-depth experience and knowledge of requirements capture, cyber security threat modeling and systematic discovery of threats, as a part of Secure Development Lifecycle
-Knowledge of different types of security vulnerabilities and safeguards at different layers of hierarchical systems, including the embedded layer and system layer
-Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems
-Experience enforcing cyber security standards for software architectures, including ensuring that security standards are properly addressed and developing risk mitigation plans
-Intimate knowledge and experience with incident response management of reported as well as self-discovered cyber security vulnerabilities
-At least 2 years hands-on experience with penetration testing methodologies and tools
-Experience in program management or engineering project leadership of complex systems from the conceptual stage through to production for a global market. Intimate knowledge of software development methodologies and the software development lifecycle in agile as well as stage-gate processes
-Knowledge of state-of-the-art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools
-Excellent written and verbal communication and presentation skills, including presentation planning and delivery skills. Adept at communicating with globally dispersed cross-functional teams of design, marketing, service, manufacturing, aftermarket and R&D, including non-native English speaking team members.
-Prior product development background with various languages such as C, C++, C#, Java, Python
-Knowledge about NIST CSF and cyber security standards such as ISA and UL
-Cyber Security certifications such as OSCP, CEH, CISSP, GSEC are a plus