Cybersecurity Advisor

Description - External

About Schneider Electric

Schneider Electric's purpose is to empower all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On.

Our mission is to be your digital partner for Sustainability and Efficiency.

We drive digital transformation by integrating world-leading process and energy technologies, end-point to cloud connecting products, controls, software and services, across the entire lifecycle, enabling integrated company management, for homes, buildings, data centers, infrastructure and industries.

We are the most local of global companies. We are advocates of open standards and partnership ecosystems that are passionate about our shared Meaningful Purpose, Inclusive and Empowered values.

Job purpose:

Schneider Electric is searching for a Cyber Security Advisor with a strong foundation in software engineering and development for its Energy Management Business CTO Cybersecurity Centre of Excellence  Team. This role is ideal for a seasoned developer who understands the software lifecycle, is passionate about improving code quality and security, and is eager to drive secure development practices across modern and legacy systems.

The Security Advisor regularly interacts with key stakeholders like representatives from offer development, architecture, regulations, conformity teams and technical leaders as well as stakeholders from the corporate Product Security Office (PSO) within Governance teams to ensure that cybersecurity guidelines and processes are executed in an efficient, effective, and compliant manner.

The ideal candidate will be able to combine process and technical advisory role with assertive engagement and escalation when appropriate. The idea is not only to have people only consulting and advising, but also "acting like owners" and having an impact in our "shift-left" strategy for "security by design".

Responsibilities:

•     Cybersecurity Integration in Development: Drive initiatives to enhance the overall cyber quality of software products through secure design and coding practices by providing direct support to development teams by assisting then in vulnerabilities triaging. Act as the Subject Matter Expert to ensure cybersecurity is embedded from the design phase in the Offer development process, supporting both legacy systems and modern cloud-native, agile environments.
• Secure Development Lifecycle (SDL) Enablement: Advise on securing both legacy applications and modern cloud-native architectures using agile methodologies and secure coding practices early in the development lifecycle, integrating security into CI/CD pipelines. Guide and coach development teams in implementing Secure Development Lifecycle practices such as threat modelling, secure design, secure coding, and security testing leveraging hands-on engineering and software development expertise.
•       Standards Compliance: Support deployment of Secure Development Lifecycle and cybersecurity functionalities aligned with standards such as IEC62443, and work to improve the effectiveness and efficiency of these processes.
• Risk-Driven Development: Ensure development teams adhere to risk-driven cybersecurity processes and controls throughout the development lifecycle.
• Audit Support: Support teams in conducting internal Secure Development Lifecycle audits and Formal Cybersecurity Reviews (FCSRs) and ensure compliance with Schneider data security and privacy processes.
• Privacy by Design: Perform foundational data protection and privacy screening of offers to ensure data privacy requirements are integrated from the initial design stages.
• Cross-Functional Collaboration: Work closely with Line of Business (LoB) developers to understand their needs and tailor security solutions accordingly. Represent offer development teams in Business Unit and PSO security meetings and workshops. Stay informed about new policies, procedures, cybersecurity standards, regulations, legislation, and technologies, and keep R&D leadership updated on relevant emerging activities.
• Training & Awareness: Conduct training sessions and presentations to enhance cybersecurity competencies across development teams.
• Maturity Monitoring: Track organizational maturity using cybersecurity maturity frameworks and track other Secure Development Lifecycle-related goals as directed.Community Engagement: Take an active part in the cybersecurity community not only in Energy Management but also globally at company level

Key Skills and Requirements

• 10+ years of experience in software development or engineering roles.

• Strong understanding of software development methodologies (Agile, DevOps, CI/CD).

• Experience with modern and legacy software systems.

• Familiarity with security tools (e.g., SAST, DAST, dependency scanning, container security).

• Proven ability to identify and remediate vulnerabilities in code.

• Strong communication skills with the ability to explain technical concepts to non-technical stakeholders.

• Curious mindset with a willingness to continuously learn and adapt.

• Ability to align operational/information security policies with business requirements.

• Process driven with attention to detail, ability to translate operational/information security requirements into security controls in coordination with architects.

• Ability to effectively adapt to and apply rapidly changing technology and security requirements to business needs.

• Foundational data protection & privacy knowledge or willingness to acquire it during tenure

Qualifications and Expertise

• Experience working in cloud environments (AWS, Azure, GCP).
• Knowledge of secure coding standards (e.g., OWASP, CWE).
• Familiarity with automated testing and code quality tools.
• Standing Certification in Cybersecurity Management such as CISSP, CSSLP; and/or IEC 62443 Certified Specialist.
• Experience of working in an Engineering/R&D group following a Secure Development Lifecycle based on standards such as IEC 62443, ISO 21434, or Microsoft SDL; with a proven ability to engage with management and development teams.
• Demonstrated ability to develop threat models, analysing threats, and rate threat severity using established industry practices
• Experience in driving corporate programs using influence, negotiation, and persuasion soft skill set.
• Knowledge of static code analysis tools, secure coding standards, fuzz and penetration testing, and formal security reviews.
• An understanding of domain appropriate communication mechanisms protocols
• A background in domain appropriate development (e.g., embedded, cloud, mobile, industrial automation, energy management)
• Self-starter and team player; ability to work independently and drive initiatives.
• Strong communication skills, including the ability to render concise reports, summaries, and presentations.
• Strong analytical and problem-solving skills.
• Project management or technical leadership skills preferred.
• Languages: good level English is mandatory

---