Product & Solution Security Expert (Psse) [osa]

Change the future with us

We’re looking for forward-thinking, ambitious game-changers like you to be part of our cybersecurity team. This role is based in Bengaluru, India. Together let’s build groundbreaking security solutions and infrastructures that protect our data and the digital assets of our customers, teams impacting entire industries, cities, and even countries. Help us seek & solve tomorrow’s challenges today

About the job

The Product & Solution Security Expert (PSSE) for Secure Implementation provides technical consultation to OT product development teams to enable implementation of the required product & solution security. The PSSE needs to have experience in the following areas: development/testing on the Linux and Windows environments. The PSSE will function as an expert consultant as part of the PSS CoE, supporting multiple project teams.

**Responsibilities**:
Support project development teams to incorporate appropriate security practices across the development lifecycle (from product / solution concept to release).
- Risk Management & Compliance - Review documents produced during the development and engineering process (e.g., threat and risk analysis results, requirements specs, arch & design specs, test specs, user documentation) regarding PSS.
- Threat & Risk Analysis -Identify security weaknesses and vulnerabilities in the product, solution, or service offering, analyze the threats that might exploit these weaknesses or vulnerabilities, and evaluate the resulting risks. Organize & facilitate threat & risk analysis workshops in accordance with organizational processes (including periodic triggering of workshops based on changes to the product and/or changes to the attack surface).
- Security Requirements - Specify and maintain security requirements for the project. Support for meeting international and regional security standards (e.g., ISA/IEC 62443, GB 40050-2021) and regional regulations (e.g., Chinese Cybersecurity Law).
- Secure Suppliers & Components - Evaluate third-party suppliers & components regarding PSS and providing clearance of implementation and documentation of security critical components (e.g., cryptographic functions, hidden functions, firewall settings).
- Secure Development - Perform code analysis to identify security vulnerabilities and check compliance with secure coding guidelines.
- Security Testing - Perform verification of implementation regarding security requirements (e.g., as part of system test, factory, or site acceptance test). This includes recommendation and creation of security testing tools. Support validation (e.g., friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g., to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures). This includes recommendation and creation of security testing tools.
- Vulnerability Management - Support project teams to analyze vulnerabilities for their risk, prioritize and suitably mitigate risks to the products
- Incident Management - Support Product CERT incident handling teams (no direct responsibility)

Required Skills and Experience
- BE/BTech/MTech/MCA in Electronics/Instrumentation/Computer Science.
- Overall experience of at least 10 years in Information technology/Software development.
- At least 5 years’ experience in defining security controls & measures for IACS/SCADA.
- Active IT security certifications (CISSP, CSSLP or equivalent).
- Up-to-date knowledge on the threat landscape, including capabilities of attackers, available attacker tools, and typical security weaknesses & vulnerabilities.
- Excellent understanding (conceptual and implementation) of Asset Management incl., Passive & Active Asset Detection and Asset Vulnerability Association.
- Excellent understanding (conceptual and implementation) of Anomaly Detection (Host & Network) and configuration/implementation/operation of SIEM solutions.
- Experience in programming (C, C++, Java, JavaScript) in Linux & Windows and scripting (e.g., bash scripts) and ready to learn new technologies (e.g., Go).
- Experience on securing containers (esp. Debian based distributions).
- Knowledge of benchmarks (e.g., CIS-Security benchmarks and Microsoft security baselines).
- Experience in remote access, malware prevention system, Snort IDS/IPS, Nessus.
- Knowledge of PKI and certificate-based authentication
- Knowledge of IIOT and digitalization solutions
- Excellent communication and influencing skills

What else do I need to know?