Senior Product Security Engineer IRC263202

Description

In Grid Integration Services we are at the forefront of the digital revolution: through digital services, we enable our customers to increase the reliability of their assets and systems while optimizing costs. For our growing R&D team, we are looking for a hands-on product security engineer who ensures that our SW solutions fulfill the highest standards of cyber security, integrate with the software ecosystem of our company, and can be taken over by the software operations team. Are you a result-oriented team player who fosters a positive work culture? Are you ready to drive digitalization and innovation for rapidly changing power grids? Are you willing to continuously drive improvement and occasionally get your hands dirty? Then do not hesitate and submit your application today!

Requirements

• Bachelor’s degree in computer science, information technology, or similar
• At least 2 years of experience in software development
• Experience in agile software development processes and security development lifecycle processes
• Knowledge of system administration, networks, infrastructure (switches, routers, firewalls), configuration, troubleshooting, and root cause analysis
• Strong understanding of cyber security standards, guidelines, and best practices for building highly resilient hardened software systems (e.g., NIST, CIS, and OWASP)
• Experience in system security, product / application security architecture, network security, and web services
• Experience in implementation, configuration, operation, maintenance, and troubleshooting of security controls such as L3 and L7 firewalls
• Experience with static code analysis, dynamic code analysis, open-source software scanning, software composition analysis
• Experience with industrial data transfer protocols such as OPC, IEC 61850, OCPP, MQTT, and similar is an advantage
• Preferably experience in
   Linux, Windows, and mobile environments
   Docker and Kubernetes
   C#, .Net Framework, .Net (Core)
   Microservices and containerized applications
   Azure cloud environment
• Need to be ready for a business trip
• Fluency in written and spoken as well as technical writing English
• Ability to work independently with a sense of ownership and responsibility
• Communication and interpersonal skills and intercultural sensitivity
  #LI-AB8 #LI-Remote

Job responsibilities

• Act as an individual contributor in RD team and lead the product security efforts
• Own, enforce, and continuously improve the security development lifecycle process according to IEC 62443-4-1 standard
• Prepare security requirements documents as part of product requirements engineering and customer solution development phases
• Prepare security architecture and design documents in response to requirements specifications, develop associated user stories, and drive them through the product development lifecycle
• Conduct and document threat modeling and attack surface analysis for product releases
• Conduct code reviews to ensure compliance to the security development lifecycle as well as security architecture and design
• Ensure products are meeting Hitachi Energy’s minimum cyber security requirements or if customer-specific or respective standards such as IEC 62443-3-3 or IEC 62443-4-2
• Develop, implement, and configure security controls and solutions (e.g., L3 and L7 firewalls) concluded with respective quality assurance and user acceptance testing activities
• Conduct security risk assessments and drive the product releases through Hitachi Energy cyber security clearance process and respective tests in close collaboration with Hitachi Energy product security officers and security assurance teams
• Analyze the developed code, prepare bug reports, conduct root cause analysis, suggest fixes, implement and / or ensure implementation of the identified solution, subsequent verification and validation steps
• Deploy and operate security solutions for internal / external customer projects in on-premise and / or off-
  premise models
• Act as L3/L4 support team member for security incident (e.g. vulnerabilities) management process
  Engage with internal / external software development vendors

What we offer

Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. 

Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally.

Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today.

Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way!

High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do.

About GlobalLogic

GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.