What you will do
Liaising with the Hardware/Firmware and Software engineering teams to schedule code reviews/scans as per guidelines outlined by JCI cyber Security Board.
Working with Senior Cyber architect to run and discuss results of scans, assess where the risks lie, how best to mitigate
Working with the development team to address cyber risks
Being the gatekeeper and working with the development team and our customers ensuring that all products and solutions released to the market adhere to the latest security standards.
How you will do it
You will work across multiple parallel project releases and work items and will have a strong desire to actively champion product cybersecurity best practices. The ideal candidate will take ownership of issues and work on own initiative, driving work items to successful completion. You will have good time-management and organizational skills and be a continual learner, aware of the ever-changing nature of cybersecurity and keen to stay on top of the latest developments.
What we look for
Basic familiarity with, and keen interest in, formal cybersecurity controls and best practices. E.g., OWASP Top 10, NIST 800-53.
Ability to liaise and negotiate amongst multiple product stakeholders, including:
Engineering management, architects, and lead engineers
Product Security Incident Response Team (PSIRT)
Global Cybersecurity architects
Product Management
Supplier Assessment Team
Site Reliability Engineering (SRE)
Legal (Software Copyright / Licensing Compliance, Trade Compliance)
Individual software and hardware engineers
Previous development experience, including familiarity with authentication, authorization, and SDKs and local and remote APIs.
Basic networking experience and understanding
Understanding of, including ability to reason about and explain common cybersecurity vulnerabilities. E.g., can (to some extent) compare and contrast SOME of:
Authentication vs. authorization
Vulnerability vs. weakness
Hashes vs. ciphers
SQL injection vs. OS injection
RNG vs. PRNG vs. cryptographic RNG
High entropy passwords vs. low entropy
HSM vs. TEE
TLS v3 vs. SSL v3
Stack overflow, buffer overflow, and integer overflow / wraparound.
Certificate vs. key
Signature vs. hash
Desirable:
Basic understanding of software release pipelines: e.g., VCS, branching/tagging, GitOps, software signing, versioning, CI/CD.
Cybersecurity qualifications, such as Security+, CCSP, CISSP, CEH, etc.
Familiarity with Common Vulnerability Enumerations (CVE’s), Common Weakness Enumerations (CWE’s).
Familiarity with multiple operating systems, including Windows and Linux
Degree (or equivalent experience) in a STEM subject, particularly cybersecurity, computer science, software engineering, or electronic engineering.
Basic understanding of software architecture diagrams, attack vectors, and threat modelling, including an ability to create threat models and reason about attack vectors involving multiple vulnerabilities.
Basic understanding of asymmetric vs. symmetric cryptography
A skilled communicator, able to liaise with multiple levels of engineering and management staff
A reasonable degree of previous project / ticket management experience. E.g., SCRUM management, sprint reviews, etc.
#LI-Hybrid
#GOSIA
The latest news, articles, and resources, sent to your inbox weekly.
Req ID:469643 Location:DerbyAppointment Basis:Permanent Excellent Salary + Benefits Include: Pension, Contributed Healthcare, Life Assurance, plus many flexible benefits At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the...
Alstom Derby
What you will doAs a field cybersecurity operations manager, you will drive a transformational cybersecurity program to reduce cybersecurity risk for our customers’ smart building system deployments. This role will establish and manage lifecycle best practices, policies, standards and processes for product installation, servicing and support.You will be responsible for...
Johnson Controls Belfast
Location: Reading, United KingdomThales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become...
Thales Reading
Comcast brings together the best in media and technology. We drive innovation to create the world's best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines....
Comcast Corporation London
Rullion are looking to recruit for the following positionRole: OT Cyber Security SpecialistLocation: Warwick (once a month)/ Work from HomeStart Date: ASAPDuration: 12 months +Rate: £500 P/day INSIDE IR35Must be UK BasedPosition main responsibilityThe candidate will report to the Lead Execution Manager for Industrial Cyber Security.Support Digital Products and Solutions...
Warwick
Bring your passion, ideas and purpose to life in a company that can truly help you achieve your full potential.World Leader in Blood Glucose Monitoring, Abbott Diabetes Care designs, develops and manufactures glucose monitoring systems for use in both home and hospital settings.At the ADC Witney site we manufacture and...
Abbott Witney
