Lead Engineer – Product Cyber Security

He/she will be responsible for: A. B. Be accountable for identifying, reporting, and mitigating cybersecurity risks within the division, including impact assessments on financial, safety, and operational aspects.Translate customer/industry cybersecurity requirements into actionable product controls; assess impact on architecture, cost, and timelines C. Driving Threat Modeling and Risk Assessment exercise with product teams early in the design and development phase to identify applicable cybersecurity requirements focusing embedded and cloud products, in line with various cybersecurity standards. Lead or facilitate architecture reviews and threat modeling; recommend mitigations across firmware, software, hardware, and connectivity. D. Providing hands-on guidance to product teams as they implement complex cybersecurity features and requirements in their products, in line with various cybersecurity standards. D. Evangelizing and providing technical security trainings to software developers and test engineers across the organization and evangelizing the importance of cybersecurity in other functions like product / project management & sales /services. F. Working with project teams, to provide continuous threat modeling, risk assessment, Tool based assessments, SAST, SCA and other automated tool runs, in CI/CD pipelines across scrum teams doing product development in Agile mode. Own or co-author key cybersecurity documents (e.g., Cybersecurity Product Requirements, Detailed Requirements Annexure, Design & Implementation Review, Secure Configuration Guidance, Vulnerability Management Plan, EULA inputs) G. Collaborate with product teams to define and interpret cybersecurity requirements, assess their impact on product design and development, and identify robust technical solutions to ensure compliance and security throughout the product lifecycle H. Drive “shift-left” practices; onboard projects to enterprise platforms (Code Signing, Black Duck SCA, Coverity SAST) and enforce gating criteria. I. Coach engineers and champion security culture; help define role-based training paths and uplift maturity.” Bachelor’s or master’s degree in Computer Science, Electronics Engineering, Electrical Engineering. “8+ years of relevant experience in Product cybersecurity, in product/embedded/application cybersecurity or secure product development. 5+ years Hands-on experience with secure boot, secure firmware/software update, crypto (PKI, key management), authentication/authorization, logging & monitoring, and hardening for embedded or connected products.” “The engineer should be – 1) Understanding and experience in working across multiple phases of Secure Product Development Lifecycle, performing Penetration Testing of various technologies and Threat Modeling of products, systems and solutions. With a focus on Cloud / Industrial IoT / Critical Infastructure products (Must have). 2) Knowledge of attacks and mitigation in : Cloud-based applications, Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application securtiy Mobile App security. 3) Having a knowledge of CI/CD pipelines and tools for SAST, SCA and other CI/CD tools. 6) Having hands-on experience in various Cybersecurity activities including but not limited to – Cybersecurity assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; secure coding; preferably on embedded, ICS and IoT products. 7) Experience in one or more domains: Industrial/OT, eMobility/automotive, data center, IoT/IIoT, gateways/cloud connectivity. 8) Having Good understanding of security protocols (HTTPS, HSTS, TLS, SSH, 802.11 security, Bluetooth, Zigbee) and ICS protocols (IEC 61850, DNP3, Modbus, WirelessHART, CAN) 9) Having knowledge of attacks and mitigation in : Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security. 10) Having certifications like CSSLP/SANS 549/SANS 510/CCSP (any one ) is a plus. 11) Familiarity with enterprise project tools (Jira) and stage/gate frameworks; experience preparing for external audits and customer assessments. 12)Contribution to security standards, internal frameworks, or enablement (training, playbooks, reference designs).” “1) Ability to work in and with diverse & multi-cultural and geographically dispersed teams 2) Ability to collaborate across multi-disciplinary teams (legal, IT, product management, project management) 3) Ability to present to various levels of engineering and business leadership globally. 5) Be a technical mentor to other members of the team and beyond as needed”