Serve as subject matter expert for Cyber/Product Security, with strong software engineering skills
Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response
Understanding of security by design principles and architecture level security concepts. Work closely with the team to understand products (connected devices) in depth and to document the product details including the security architecture, attack surface, trust boundaries and data flows. Help engineering team to develop Threat Models that enumerate cybersecurity threats by attack surface.
Identification & Documentation of product cybersecurity requirements, cybersecurity risk analysis, verification and validation protocols.
Provide product security related coaching/mentoring and security expertise for all software and firmware development teams
Work with the product/engineering teams to define & verify security mitigations, provide guidance during mitigation development.
Knowledge of security test and verification scripts for testing GUI, Operating systems like Linux and Interfaces like RS-485. Assist engineering team in conducting security verification and validation efforts.
Lead internal Security research, reviews and POCs of operating systems and applications for compliance with policy, industry standards and manufacturer recommended security baselines
Responsible for the entire security compliance of all engineering projects from the third-party security audit perspective; lead the implementation and compliance efforts necessary to achieve it
Help to develop, maintain and implement security policy, standards and procedures across the organization
Provide technical design and architectural leadership, including documenting and diagramming the logical, physical, and process views
Communicate leading industry practices by giving presentations, working with project teams, and authoring content aimed at educating others about standards, strategies, and otherwise defined leading practices
Design and conduct cyber security risk assessments or tests to identify security exceptions and design practical compensating controls
Prepare and maintain technical user guides, SOPs, security architecture documentation and diagrams
Maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to established policies, standards, and practices
Support and improve technical security awareness training for software architects and development groups
Demonstrable understanding of security principles and methods, technologies, and standards
Understanding of OWASP or CWE vulnerabilities along with their exploits, risks, and mitigations
Drive a standardized set of security product requirements into product and service offerings.
Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
* Technical Skill [Required]
At least 5 years of experience as a threat intelligence analyst
In-depth knowledge of security concepts regarding web, Linux and infrastructure security. Understanding of current and emerging security technologies and threats.
Proficient with methodologies, tools, best practices and processes across various cybersecurity areas.
Experience in Software Composition Analysis (SCA) / Static Application Security Testing (SAST) / Dynamic Application Security Testing (DAST) tools, secure coding objectives and principles, vulnerability classification scoring and ranking systems
Implementing PKI infrastructure/Cryptographic Keys, secure boot, secure communications (BLE, WiFi, Zigbee, etc.), Identity management, secure firmware Development, secure firmware updates & patch management, configuration management
Hardening security for binary executables loaded on the device, memory protection process
Knowledge of internal communication protocols, open ports, JTAG debugging, extracting firmware from EEPROM/flash memory, tampering
Binary analysis, reverse engineering, analyzing different file systems, sensitive keys and certificates, firmware modification
Radio Security Analysis
Proven experience with threat modelling and risk analysis.
Ability to gather written and verbal information from multiple sources, assess and consolidate risks to provide appropriate recommendations.
Hands-on experience with penetration testing and vulnerability analysis frameworks and tools.
Experience in developing test routines and protocols to validate security mitigations.
Experience in performing threat modelling of a product. Hands-on experience with the SD Element Tool and/or other comparable tools
Demonstrated experience of leading security tools adoptions such as Black Duck Hub, Coverity, etc. in a regulated environment.
Proficient with Cyber Security Standards like ISO 27001/2, NERC, NIST, ISO 15408, ANSI / IEC 62443, GDPR, HIPAA, ISO/IEC 27032
Desired: Experience with security analysis of Industrial fire safety products, Automotive Systems, Medical Systems and Sensor to Cloud based IoT systems.
Programming experience in one or more languages (scripting/functional/imperative: C/C++, Java, Python, Scala, R, etc.)
Hands-on experience with encryption (IPSEC, AES, GRE, IKE, MD5, SHA, 3DES), cryptographic standards, communication protocols, security standards and vulnerabilities
Application or software security certifications are preferred, such as CISSP-ISSEP and/or CISSP-ISSAP, CEH, or OSCP, CSSLP, GIAC GWEB/GSSP-Java/GSSP-.NET, etc
* Soft Skills [Required]
Self-driven and motivated
Very good communication skills
Hungry to learn new technology
Positive attitude
Problem Solver