Job Description
Graduate / Post Graduate in Computer Science / IT security or related fields. 5-7 years of IT experience and minimum 3 years' experience in IT Security.

Demonstrated expertise in the following:
- Developing products and services for customers
- Security architecture and design
- Threat and risk analysis / threat modeling / security risk analysis
- Security vulnerability monitoring / 3rd party software security evaluation
- Security incident handling / security forensic analysis
- Automated security tooling / vulnerability scanning / code analysis
- Fuzz testing / penetration testing
- Secure coding and design guidelines / secure software development lifecycle processes
- HIPAA / HITECH regulations / FDA cybersecurity regulations for medical devices
- Standards: IEC 62443, NIST SP 800-x, IEC 80001, CLSI AUTO11-Ax, ISO 27001 etc.

Certified Information Systems Security Professional (CISSP) or Certified Secure Software Lifecycle Professional (CSSLP) or equivalent demonstrated expertise is beneficial.

Areas of Responsibility:
• Support project teams in conducting the corresponding security activities during the development process, project management process and services and in product and solution release.
• Participate in incident response teams, incident escalation
• Participate in threat and risk analysis workshops
• Provide expertise and support in security tools to product teams
• Conduct product and solution security training and development of training material.
• Develop and maintain security guidelines and guidance for product development teams.
• Collect product & solution security related lessons learned and feed into continuous improvement activities (e.g. update of guidelines, reporting to PSSOs, integration in awareness material).
• Stay up-to-date on the latest security threats/technologies.
• Support the development of the PSS community within the organization, with experience exchange internally and externally.
• Support multiple projects at the same time and occupy the function for the main part of the defined working time.

Contacts (internal/external):
Internal: CYSO, CYSEs within other business units, Product Owner, Project Manager, Development and Test team, Architect, Quality and Risk Management, Business Management.
External: Security Community, External companies (collaboration, standardization), Customer's security representatives