Security Engineer

About Barco

Barco designs technology to enable bright outcomes around the world. Seeing beyond the image, we develop visualization and collaboration solutions to help you work together, share insights, and wow audiences. Our focus is on three core markets: Enterprise (from meeting and control rooms to corporate spaces), Healthcare (from the radiology department to the operating room), and Entertainment (from movie theaters to live events and attractions). We have a team of 3, employees, located in 90 countries, whose passion for technology is captured in granted patents. As part of BCR Software Development group at Barco our vision is to be a world class software team partnering with our businesses to offer successful software solutions and outcomes that delight our customers and set the trend in our dynamic markets.

BCR (Barco Control Rooms)

The Barco Control Rooms business unit is making workflow and visualization solutions for the Control Room market since to help operators collect, visualize and share critical information for optimal mission-critical decision making. Today, we are still the number one choice for control room professionals who want to stay on top of their situational awareness with + installations for critical infrastructure and critical operations.

Barco CTRL is our latest flagship software product. It is a simple, scalable and secure platform, that gives an operator full control over the information flow in an easy and intuitive way for faster and efficient decision making.

About the Role

Lead and mentor the group of R&D Security Champions and take ownership of the groups' meetings and activities

Provide security insights and feedback to R&D at highly technical level (e.g. during code reviews)

Lead R&D teams during threat modeling exercises and security risk analyses during design/development phases

Challenge R&D teams and system architects about the why and how technical security controls should be integrated

Design and document technical security controls in different product lines

Own and maintain process security controls in the design and development phases, e.g:

Threat modeling

Code review process

Application security testing (SAST, DAST, …)

Vulnerability management (e.g. of open source packages)

Vulnerability scanning (tooling and configuration)

Provide security support during product penetration tests executed by external partners

Take ownership of incident response management and vulnerability disclosure processes

Take ownership for ISO ISMS/audit product development related subjects

Contribute to the creation of security whitepapers of the different product lines

Key contact point for security/privacy related topics during pre-sales phase

Stay up to date with latest security/privacy technologies, trends and regulations

Inform Security Office about the state of security per product

Qualifications and Experience

Education:

Bachelor's/Master's degree in IT or information security, or equivalent by experience.

Experience:

At least 5 years of experience in information security management with a software development or software testing background

Experience with agile development process across international teams

Familiar with ISO x frameworks and risk assessment/treatment

Knowledge of third-party auditing and risk assessment methodologies

Familiar with security attack pathologies

Competencies:

Solid understanding of security protocols, cryptography, authentication, authorization and best practices

Proven experience with leading and guiding a group of stakeholders from different functions through threat modeling, utilizing STRIDE or other frameworks

Excellent knowledge of the Common Vulnerability Scoring System (CVSS) and its application during technical vulnerability assessment

Experience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM)

Ability to explain security concepts and security processes to technical stakeholders such as R&D Software Engineers

Very broad technical knowledge: from embedded devices to containerized deployments of services, from backend to frontend

Familiar with OWASP project (Top 10, ASVS, SAMM, …)

Coding skills: C, C++, JavaScript (Rust & Go a bonus)

Highly motivated individual with a genuine enthusiasm for information security and technology

Eager to stay up to date with latest technologies

Customer centric mindset

Good verbal, written, presentation, facilitation, and interaction skills, including ability to effectively communicate risks, issues and concepts to multiple organization levels and executive management

Good communication skills both verbal and written English

Ability to prioritize workloads and to know when to seek guidance

Differentiating Criteria:

Preferably holder of certifications like GIAC, CISSP, CISM, …

Disclaimer:

Barco is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulation