Product Cybersecurity Engineer

·
Full time
Location: Crumlin
·
Job offered by: Johnson Controls
·
Category: IT & Technology
Liaising with the Hardware/Firmware and Software engineering teams to schedule code reviews/scans as per guidelines outlined by JCI Cyber Security Board. Working with Senior Cyber Architect to run and discuss results of scans, assess where the risks lie, and how best to mitigate. Working with the development team to address cyber risks. Being the gatekeeper and working with the development team and our customers ensuring that all products and solutions released to the market adhere to the latest security standards. How you will do it You will work across multiple parallel project releases and work items and will have a strong desire to actively champion product cybersecurity best practices. The ideal candidate will take ownership of issues and work on their own initiative, driving work items to successful completion. You will have good time-management and organizational skills and be a continual learner, aware of the ever-changing nature of cybersecurity and keen to stay on top of the latest developments. What we look for Basic familiarity with, and keen interest in, formal cybersecurity controls and best practices. E.g., OWASP Top 10, NIST 800-53. Ability to liaise and negotiate amongst multiple product stakeholders, including: Engineering management, architects, and lead engineers Legal (Software Copyright / Licensing Compliance, Trade Compliance) Individual software and hardware engineers Previous development experience, including familiarity with authentication, authorization, and SDKs and local and remote APIs. Basic networking experience and understanding. Understanding of, including ability to reason about and explain common cybersecurity vulnerabilities. E.g., can (to some extent) compare and contrast SOME of: Vulnerability vs. weakness Hashes vs. ciphers RNG vs. PRNG vs. cryptographic RNG High entropy passwords vs. low entropy HSM vs. TEE TLS v3 vs. SSL v3 Stack overflow, buffer overflow, and integer overflow / wraparound. Certificate vs. key Signature vs. hash Basic understanding of software release pipelines: e.g., VCS, branching/tagging, GitOps, software signing, versioning, CI/CD. Cybersecurity qualifications, such as Security+, CCSP, CISSP, CEH, etc. Familiarity with Common Vulnerability Enumerations (CVE’s), Common Weakness Enumerations (CWE’s). Familiarity with multiple operating systems, including Windows and Linux. Degree (or equivalent experience) in a STEM subject, particularly cybersecurity, computer science, software engineering, or electronic engineering. Basic understanding of software architecture diagrams, attack vectors, and threat modelling, including an ability to create threat models and reason about attack vectors involving multiple vulnerabilities. Basic understanding of asymmetric vs. symmetric cryptography. A skilled communicator, able to liaise with multiple levels of engineering and management staff. A reasonable degree of previous project/ticket management experience. E.g., SCRUM management, sprint reviews, etc.

#J-18808-Ljbffr

Recent Jobs

London (On site) · Full time

Are you a smart, driven professional who takes pride in making a difference in local communities? Turner & Townsend’s Real Estate division is experiencing significant growth and we’re looking for an experienced industry professional with health project experience to join our high-performing and collaborative Project Management team. Why Join Us? Impactful Work: Contribute to social [...]Read More... from Assistant Project Manager – Healthcare See details

Chasetown (On site) · Full time

My client, Autosmart International are a manufacturing success story! Site Operations Manager – leading fast-paced manufacturing and warehousing About Our Client Autosmart International is a manufacturing success story, leading the field in vehicle cleaning products. We are the No.1 choice of automotive trade customers across the UK. We have doubled in size in the last [...]Read More... from Site Operations Manager See details

London (On site) · Full time

CSS are looking for an experienced duty officer to join our client’s team who are a local council responsible for all areas within the Tendering district. Working hours: All shifts are 8 hours long with various start times available: Monday to Friday – start times between 6AM – 3PM Saturday & Sunday – 6AM – [...]Read More... from Duty Officer See details