Product & Solution Security Professional

• Needs to be specialized in at least one/two of different areas:
• Secure Architecture & Design, Threat & Risk Analysis, Secure Project Integration
• Network security firewall & network IDS, IPS
• PSSE will be primarily involved in:
• Secure architecture and design, defining secure design principles
• Supporting selection of secure suppliers and technologies
• Development of secure configuration standards and considering security topics such as IDS, patch management, Anti-Virus systems
• As part of project integration:
• Defines, supervises, and tests components/subsystems with respect to system security
• Defines and establishes zones and conduits considering physical security
• Prepares and performs security handover of complex systems to customers
• Supports and consults project leaders in implementing required product & solution security
• Supports project teams in conducting security activities during project execution and/or services
• Can support multiple projects and should occupy the function for the main part of defined working time
• Reports to the Project / Functional Lead and the Product & Solution Security Officer
• Responsibilities include:
• Specification and maintenance of secure coding, design, configuration, and hardening guidelines
• Synchronizing with Information Security organization to ensure secure IT architecture/infrastructure
• Specification and maintenance of project security requirements
• Supporting compliance with international/regional security standards (IEC62443, ISO27000, CENELEC, NIST, SANS)
• Planning/performing threat and risk analysis with countermeasures in line with risk criteria
• Evaluating third-party components for product & solution security
• Clearing implementation and documentation of security-critical components (e.g., crypto functions, firewall settings)
• Verification and validation:
• Verifying implementation of security requirements (system test, factory/site acceptance test)
• Recommending/creating security testing tools
• Performing validation (e.g., friendly hacking, penetration testing) to ensure implementation meets security expectations
• Involvement in security vulnerabilities & incidents analysis and handling
• Supporting system engineering in security issues
• Monitoring and evaluating vulnerabilities and security incidents
• Assessing security-related requirements
• Proficiency in MS Word, Excel (Macros), and PowerPoint for management and reporting
• Exhibiting excellent communication and analytical skills

Desired Skills:

• 9+ years of experience is required
• Great communication skills
• Analytical and problem-solving skills