Monday, November 20, 2017
Product Security Engineer
Job Title: Product Security Engineer /Developer/Architect
Santa Clara, CA or Waltham, MA.
1) 5+ years of software security and/or software development experience is required: which means open for Devs
2) Career must be in security or software development
3) The primary job responsibilities of the Product Security Assurance Engineer are analysis, test, and reporting. This requires strong IT knowledge, to manage, configure, and administer Windows and Linux servers, and strong network knowledge. : This is a KEY POINT
Evaluate Security features/capabilities for HitachiVantara products, evaluate competitiveness of current Security Offerings (i.e. product / services), assess the security posture of products, guide product-based security certifications, and implement product security strategy elements. Create and maintain business plans for the life-cycle of the security offerings.
The Product Security Architect provides guidance on the future / current direction for design, implementation and lifecycle of Information Technology Security offerings (Hardware, Software and Services). Work closely with HitachiVantara security strategy and planning personnel (e.g., CISO).
Serves as a security expert for sales teams, customers and professional organizations in various technologies and platforms that effect infrastructure (such as applications, solutions, virtualization, cloud, storage, networks, data centers, computing devices, messaging, monitoring systems, etc.) as well as specific areas (cyber security and information assurance; data privacy, compliance, and legal; protection of information assets and systems from current and emerging threats).
The Product Security Architect contributes to the development and maintenance of information security strategy and architecture at the corporate level; and may provide support across other product / service offerings, ensuring the implementation and operation of the appropriate security controls across the product/service offerings are commensurate with systems and information risk and are aligned with IT security policies and standards.
1. Evaluate product security (i.e. products, services, and solutions) based upon criteria defined by Security Industry Standards Organizations, USA and EMEA Government Security Organizations, Customer Requirements and Vertical Market Best Practices – 30%
2. Develop and/or Coordinate the development and delivery of security training for the development community – 20%
3. Coordinate the security aspects of the launch of new products and product upgrades with all impacted groups within the company – 20%
4. Assist TechOps with managing the scheduling / prioritization of hardware products for security characteristics and compliance – 20%
5. Perform other duties as assigned by Director of Product Security – 10%
Interprets information security policies, standards, and other requirements as they relate to product and service offerings and assists or oversees the implementation of product security requirements.
Acts as a liaison for the internal or external parties requesting guidance, information and input on future/current Security offerings
Acts as a technical consultant on information security items for solution development, service delivery and customer sales activity.
Establishes and maintains strong working relationships with groups involved with information security matters such as the Hardware Development, Software Development, Services Development, Legal Department, Internal Audit Department, Physical Security Department, Information Technology Department, Information Security Council, HR and all outsourced IT organizations.
Bachelors degree in a technical related field and minimum 8 years of recent relevant experience
A minimum of 5 years of proven broad in-depth technical knowledge of Security concepts, principles and process is required.
A minimum of 5 years of experience in and a strong understanding of infrastructure, application and security appliance functionality using strong security practices
Hold the (ISC)2 CISSP professional certification, or be able achieve this certification of employment. In addition, at least one of the following Professional certification(s) required ISACA CISM, ISACA CISA, CCIE, (ISC)2 concentration certification (i.e., ISSAP, ISSMP, or ISSEP), or SNIA SCSE, with a preference for ISACA CISA.
Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a large, highly-matrixed organization. Capable of delivering results through a position of influence, not authority.
Adept at communicating complex concepts to diverse audiences with varying skills sets.