Security Engineer

Project Role : Security Engineer
Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills : Product Security
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Job Description: Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars security We are seeking a highly skilled and motivated Product Security Testing Engineer with 6-8 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts. Key responsibilities: • Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments. • Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces. • Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components. • Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols. • Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses. • Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware. • Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware. • Perform hardware penetration testing to identify vulnerabilities in electronic systems. • Assess the security of medical devices, ensuring compliance with industry regulations and standards. • Identify and address security risks associated with healthcare information systems and connected medical instruments. • Evaluate and prioritize security risks based on potential impact and likelihood. • Provide recommendations and collaborate with cross-functional teams to implement effective security controls. • Stay current with emerging security threats, vulnerabilities, and testing methodologies. • Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle. • Document security testing processes, findings, and remediation recommendations. • Generate comprehensive reports for stakeholders, including technical details and actionable insights. Technical experience: • Hands on experience with penetration testing tools and methodologies. • Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments. • Knowledge of secure coding practices and the ability to review code for security vulnerabilities. • Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines. • Experience with threat modeling and risk assessment frameworks. • Familiarity with secure development practices for embedded systems. • Understanding of regulatory requirements for medical device security. • Strong understanding of networking protocols, encryption, and authentication mechanisms. Professional attributes: • Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. • Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability. • Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling. • Ability to manage multiple tasks and deadlines. Qualifications: • Bachelor’s or master’s degree in engineering or computer science, Information Security, or a related field. • Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP).