Purpose of Position:
The Product Security Engineer works closely with software/hardware engineering and product teams to achieve product security objectives. The role supports the implementation of secure development practices, threat modelling, design, vulnerability assessments and security verification, and defines the security standards for a variety of products and tools. It provides analysis of results from vulnerability testing, SCA and static analysis tooling, with recommendations for remediation, and supports the development of product security processes and the internal application of security tools, methods, and procedures.

Key Responsibilities:
- Compliance with product security standards and with customer and internal requirements
- Providing product security leadership and support to the engineering team with the latest technology
- Collaborating with the engineering team and the Reliability & Field team to perform regular product security assessments and threat modelling
- Reviewing and validating results of external and internal product security vulnerability assessments and penetration tests
- Responding to product design vulnerabilities disclosed through threat detection systems and tracking their closure
- Developing in-house capability to identify vulnerabilities and risks
- Maintaining product security artifacts and the test repository
- Monitoring and driving security KPIs

Education & Experience:
The ideal candidate will have:
Total Experience in years: 8 to 12 years
Graduation/ Degree: BE Electronics/ BTech Electronics
Post-Graduation/ PGDM:
Mandatory Certifications Required: NA
Other preferred courses/ certifications: NA

Background and Skills:
The ideal candidate will have:
Domain (Preferred Industry): Industrial, Automobile, Payment & Banking, OEM
Skills required (in detail):
- 5 years of experience in Information Security
- 2 years of experience in Embedded Product Security, Endpoint Security, Product Development Pipelines, Cloud Security, Application Security, Security Testing and/or a similar area of security
- Pragmatic, risk-based approach to security posture improvement
- CISSP, OSCP, CEH or other related Information Security certifications
- Good understanding of application security vulnerabilities and their mitigations
- Good understanding of security frameworks like NIST SSDF and NIST CSF
- Experience with implementing DevSecOps and maturing security in application and product development, along with experience in vulnerability analysis from SCA and SAST tooling, or DAST and unit testing
- Strong communication skills with all levels of an organization
- The ability to communicate and express complex ideas in terms others can understand, and to convey technical security decisions in terms of business outcomes
- Experience with IoT security architecture or industrial IoT

Job Title
Assistant Lead - Security