Exciting Career Opportunity to create an impact, be a leader and set the vision for Cyber Security for years to come.
Principal Security Architect
100% Remote, will be required to travel up to 50% of the time to client site or vendor site, with some flexibility. Apply to learn more!
Responsibilities:
- Lead the product security program design, developing product security standards and processes, and defining appropriate program metrics.
- Conduct security reviews and coordinate penetration testing.
- Lead and coordinate with other technical members in secure design reviews/threat modeling, security code reviews, security test planning, and component security hardening, to identify potential security weaknesses.
- Be creative with technical solutions to solve security challenges in product architecture, implementation, testing, release, and operations.
- Work closely with other security professionals in the Information Security Team to execute key functions such as secure code signing, secure manufacturing, and secure product operations.
- Interact with development and manufacturing partners to enable security of product components in the supply chain.
- Stay ahead and up to date with new secure system designs, development practices, threats, and attack techniques.
- Provide guidance to mitigate risks or future security concerns.
- Contribute to the risk management process for product development.
- Perform analysis and execute POC or POF initiatives covering product security and advanced cryptography.
Required Skills:
- Knowledge and experience in one or more of the following areas:
  - Embedded device security
  - Application Security
  - Security Testing / Penetration Testing
  - DevSecOps
  - Cloud security
  - Cryptography
  - Forensics or reverse engineering
- Knowledge of common security standards and best practices, such as NIST, ISO, CWE, OWASP Top 10, CERT Secure Coding Standards.
- Experience with Cryptographic Libraries
- Knowledge of Certificate & PKI
- Experience leading secure architecture, design, and code reviews.
- Direct development experience in languages including C, C++, Python, and Java
- Experience with CI/CD tools and practices
- Experience in Waterfall, Agile, DevOps, and/or V-Model development methodologies
- Experience with any of the application security tools such as SonarQube, Fortify, or Clang
- Experience using CIS Security benchmarks or US DISA Security
- Experience with the Industrial or Consumer Internet of Things (IoT) products
Desired Skills:
- Experience with scripting (PowerShell or Python)
- Familiar with NIST CSF, ISO27001, and other security standards
- Experience in performing threat modeling and risk assessments
- Experience in participating in IT Security audits
Education/Experience:
- Master's degree or equivalent field experience
- 12+ years' related experience.
- Experience in medical device architecture a plus