This job has expired, please see additional jobs below
Product Security Lead
Bose Corporation
Framingham, MA, United States
Job Details
Job summary and Responsibilities:
Competencies:
• Understanding of product management discipline – including product lifecycle management and experience with product line strategic planning.
• Must be able to present at executive committee or board level.
• Excellent written and oral communication skills.
• Highly self-motivated and self-sufficient.
• Creative and out-of-the-box thinker.
• Proven track record in working within a cross-functional environment to drive results.
• Great communicator who mediates between marketing and engineering.
• Elevate application and system security capabilities in the product engineering community through the creation, implementation, and execution of specifications, guidelines, and service offerings
• Establish best practices for the effective avoidance, identification, and resolution of security weaknesses in products, services, and processes
• Engage with product teams as both advisor and contributing team member to enable building security into complex systems across the entire product lifecycle (from concept through deployment and operations);
• Lead and train developers and testers in security activities during the lifecycle, such as secure design reviews/threat modeling, security code reviews, security test planning, and component security hardening, to identify potential security weaknesses;
• Innovate on technical solutions to solve security challenges in product architecture, implementation, testing, release, and operations, as well as the business processes that enable secure delivery of components within the ecosystem;
• Assist in design and implementation reviews of embedded firmware, software, and customer facing cloud infrastructure.
• Work with development teams to solve difficult embedded security problems as they pertain to Connected Product security (Internet of Things) and Application Security.
• Build tools and processes to minimize the number of vulnerabilities that are present in released products
• Track and monitor new or emerging vulnerabilities, exploitation techniques and attack vectors and evaluate their impacts on development and production services and processes.
• Conduct security risk assessments of proposed products and systems and recommend appropriate action.
• Review existing architecture, identify design gaps, and recommend security enhancements.
• Collaborate in cloud solution architecture design; lead security efforts assisting with the integration and initial implementation of solutions in AWS cloud.
• Serve as information security subject matter expert; provide advisory and consulting services for new products and services.
• Accelerate the rollout of a Secure Development Life Cycle (SDLC) including developer awareness, static analysis, and incident response.
• Be serious about security but with pragmatism – security as an innovator and enabler of great products – and with some fun too
The Product Security Lead will be part of a high performing team that will provide security consulting, engineering and operations services to the organization in the areas of:
• Internet of Things (IoT) security especially on internet connected products
• Web application security and microservice development
• Secure software and product development
• Mobile application security
• Embedded device security
Desired skills and experience:
Qualifications (demonstrated competence):
• Secure software / systems development lifecycle experience (e.g. Microsoft SDL, OpenSAMM, CMMI-Dev+Secure)
• Demonstrable knowledge and experience in one or more of the following areas:
◦ System security engineering
◦ Embedded device security
◦ Application or system hardening
◦ Security Testing / Penetration Testing
◦ Mobile application security
◦ Cloud security
◦ Cryptography
◦ Forensics or reverse engineering
• Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP Top 10, CERT Secure Coding Standards.
• Experience leading secure architecture, design, and code reviews
• Direct development experience in languages including C/C++ (x86 or ARM), Python, and Java; Go or Swift experience desirable
• Familiarity with security vulnerability detection and security test automation tools such as Qualys, Nessus, Burp Suite, Metasploit, and Klocwork.
• Excellent written and verbal communication skills; must understand and be able to deliver security concepts and challenges to various levels within the organization (e.g. developers, program management, business leaders)
Highly desirable but not required skills include:
• Certified Software Security Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP) certification, SANS GIAC Certified Incident Handler (GCIH), or SANS GIAC Certified Penetration Tester (GPEN) or equivalent certification
• Knowledge of CI/CD tools and practices
• Experience in waterfall and Agile development methodologies
• Experience using CIS Security benchmarks or US DISA Security Technical Implementation Guides
• Prior or current involvement in industry security initiatives such as IETF, OWASP, ISO, CWE, BSIMM, Cloud Security Alliance, or any open source project related to security
• Familiarity with the Industrial Internet of Things (IIoT)
• Familiarity with US FDA cybersecurity requirements
• Understanding of functional safety and/or privacy requirements
• Teaching or technical consultation experience
Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics.
Bose is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the application or employment process, please send an e-mail and let us know the nature of your request and your contact information.