Product Security and Data Privacy Architect (HID1148)

Location: 
Remote North AmericaRemote
HID Global
2020-10-30
Job Type: 
Full-time
Functional Area: 
R&D Engineering
Job Level: 
Mid-Senior Level

The HID PACS Product Security and Data Privacy Architect will act as a subject matter expert and will support all areas of product cybersecurity and data privacy for the physical access control business area. In this role, you will help create and rollout a holistic product security program that encompasses the full product life cycle from initial design through development onto deployment including incident response. You will use your experience and judgement with cybersecurity controls and secure software and hardware development practices to plan and solve important challenges to accomplish goals. You will be the senior expert on the team focused on product and data security.

 

 

What you will be doing

  • Work with the product management compliance function to create and deploy to the PACS portfolio, a holistic product security and data privacy program. This will include, but not limited to, establishing baseline security requirements, threat model development, testing requirements and risk assessments.
  • Collaborate with Product Marketing and Product Management to develop the security roadmap for the HID PACS family of products and the end to end systems.
  • Create or provide input into policies, standards and procedures for product security that the organization will follow and enforce governance to those policies.Stay up to date on the latest vulnerabilities and determine if they can be exploited in HID products.
  • Review our existing implementations in both hardware and software related to security to determine deficiencies and vulnerabilities/risks or enhancements needed. Constantly monitoring for attacks and intrusions of any of the PACS systems and product portfolio.
  • Lead the PACS Product Security Incident Response efforts including the identification of affected products, assignment of severity, root cause analysis, and tracking mitigation efforts. Act at the PACS representative and key content contributor to resulting product security advisories.
  • Work closely with the HID Cybersecurity lead and peers in other business areas to align to HID policies, share knowledge and best practices, as well as needed support for PSIR.
  • Engage in customer communications when it is necessary to bring in technical expertise. Act as the PACS team's technical representative at conferences, presentations, and other outreach activities.
  • Research, design and advocate new technologies, architectures, and products that will support security requirements.
  • Assist on design reviews and code reviews focusing on product security and data privacy. Seeking to build in security and privacy capabilities during the development stages of our solutions.
  • Coordinate security assessments and penetration testing on the HID products
  • Manages cyber related agency approvals.
  • Review product security related documentation for accuracy to include hardening guides, white papers, marketing material.
  • Attend security conferences / training to stay up to date on the latest trends
  • Effectively collaborating, and communicating with engineers and research engineers in a multi- disciplinary environment. Co-ordinate security experts across the PACS business unit to provide complete system end to end guidance on security design.
  •  

 

What we are looking for

  • Minimum Bachelor’s or Master’s Degree in Computer Science, Computer Engineering, or Electrical Engineering
  • Five years professional experience in support of product development
  • One or more cybersecurity certifications CISSP, CSSLP, CEH, CIPT, CCSP, or equivalent
  • Experience in Secure SDLC (Secure Software Development Life Cycle) and CVE (Common Vulnerabilities and Exposures)
  • Understanding of Privacy by Design Principles
  • Passion for cryptography
  • Security+ certification or similar
  • Experience with SAST, vulnerability management, open source security issues, threat modeling, and working with third party penetration testers
  • Experience with firmware development, embedded Linux, and encryption strategies
  • Understanding of TLS and digital certificates
  • Familiarity with OpenSSL
  • Experience with FIPS 140-2
  • Familiarity with penetration testing tools and working with third party penetration test labs.
  • Experience with threat modeling
  • Experience with static code analysis and vulnerability scan tools and analyzing their output.
  • Experience with vulnerability management.
  • Knowledge of secure coding practices
  • Ability to use logic and reasoning to identify the strengths and weaknesses of end to end PACS systems
  • Strong IT skills and knowledge including hardware, software and networks with a deep understanding of how hackers work and ability to keep up with changing world of system security
  • Ability to work on complex tasks without technical guidance
  • Must have strong communication skills and be able to discuss technical topics with groups having a wide range of technical understanding and backgrounds.

 

 

Are you interested in joining our team?

 

Please submit your resume to us by November 30th, 2020

 

Please note that only direct applications to the recruitment portal provided will be considered. We are not accepting applications through third party sites. 

 

HID Global is an Equal Opportunity Employer/Minorities/Female/Disabled/Veteran 

 

 

HID Global powers the trusted identities of the world’s people, places and things. We make it possible for people to transact safely, work productively and travel freely. Our trusted identity solutions give people secure and convenient access to physical and digital places and connect things that can be accurately identified, verified and tracked digitally. Millions of people around the world use HID products and services to navigate their everyday lives, and over 2 billion things are connected through HID technology. We work with governments, educational institutions, hospitals, financial institutions, industrial businesses and some of the most innovative companies on the planet. Headquartered in Austin, Texas, HID Global has over 4,000 employees worldwide and operates international offices that support more than 100 countries. HID Global® is an ASSA ABLOY Group brand.