IoT Security Engineer

Job Description

• Report to the CISO and directly support the business unit leading IoT efforts to ensure secure operational deployments of IoT capabilities.
• Partner with leadership to govern IoT cybersecurity and risk posture of the IoT business unit.
• Provide leadership with risk managed remediation plans to address identified risk in IoT capabilities.
• Partner with existing business unit team to support application security capabilities to include static and dynamic testing. Ensure effective reporting and risk managed remediation actions occur.
• Assess/manage third party/supply chain risk that may impact secure deployment of IoT capabilities.
• Build and maintain effective relationship with not only technical teams but business units as well.
• Deliver targeted security and risk communications (verbal and written)to business leadership
• Contributeto the development and implementation of IoT security architecture, and the design of Information Security service and processes supporting the IoT business unit.
• Advise stakeholders on how to achieve the relevant controls and assist with solutions to support them.
• Ensure that processes are documented and communicated in language that is relevant and understandable to non-technical audiences as well as to be implementable by technical teams.
• Any other duties relating to the remit of a role of this standing as required by the needs of the business.

• Bachelor's degree and minimum 5 years of experience in Information Security, Information Assurance and/or Cyber Security space.Relevant experience and professional certifications may be considered in lieu of a degree.
• Experience in embedded/IoT device security or web services security specifically, with experience of performing threat modeling,software security audits,risk management,vulnerability discovery and analysis.
• Experience with Linux, Cloud platforms (AWS, Azure, or GCP), Kubernetes, Docker, or other container platforms
• Experience in the information security field designing and implementing enterprise security solutions.
• Experience with common software and system security vulnerabilities and methods of exploitation to include memory corruption, privilege escalation, web application exploitation, file format vulnerabilities, protocol-based weaknesses,access control weaknesses.
• Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
• Must be a critical thinker with strong problem-solving skills.
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability and ability to work with little supervision.
• Ability to think at systems / architecture level I.e. How do all the parts of the solution fit together not just design at element level.
• Interest and predisposition to learn new systems and technologies.
• Knowledge of common wireless connectivity protocols with focus on protocol and implementation security vulnerabilities (e.g.Bluetooth,WiFi, 802.15.4,ZWave, ZigBee, LoRA)

• Advanced degree in applicable field

• Knowledge of hardware security mechanisms, including secure boot, trusted execution environments
• Experience with static and dynamic tools for vulnerability detection and exploit mitigation techniques,
• Interest in industry conferences or meet-ups such as Defcon, B-sides, etc.
• Cyber security risk management experience,e.g.conducting assessments, identifying risks, and recommending solutions.
• Professional information security certification, such as a CISSP, CRISC, CISA, etc.
• Expertise with NIST and ISO 27000 series, particularly NIST SP 800-53, NIST SP 800-171, ISO 27001/2.