Key Responsibilities
• Conduct vulnerability assessments, coordinate penetration testing activities, and perform risk analysis.
• Support secure system architecture reviews and threat modeling initiatives.
• Enforce organizational security policies, standards, and procedures.
• Investigate security incidents and lead root cause analysis along with remediation actions.
• Ensure alignment with relevant standards such as IEC 62443, EN18031, and ISO 27001.
• Support cybersecurity compliance initiatives including IEC 62443, EU CRA, ISO 27001, and NIST frameworks.
• Maintain security documentation, playbooks, and incident response plans.
• Ensure secure design principles are applied, including least privilege, defense in depth, and secure defaults.
• Validate secure implementation of requirements and mitigation strategies.
• Perform security testing on firmware releases from development teams.
• Apply Static Code Analysis techniques to identify security vulnerabilities in code.
• Conduct Software Composition Analysis to support software supply chain security.
• Participate in unit testing and secure code reviews.
• Continuously improve security practices by staying informed on emerging threats, tools, and industry practices.
• Collaborate with DevOps and engineering teams to integrate security practices within CI/CD pipelines.
Required Qualifications
• Minimum 5 years of experience in industrial cybersecurity or IT/OT security environments.
• Engineering degree or equivalent experience in Software Engineering, Computer Science, or Cybersecurity.
• Strong programming skills in C and C++.
• Solid understanding of encryption algorithms, key management, and secure protocols such as TLS and SSH.
• Knowledge of common software vulnerabilities including OWASP Top 10 and CWE/SANS Top 25.
• Familiarity with Linux, Windows, RTOS environments, and network protocols such as TCP/IP, DNS, and HTTPS.
• Understanding of industrial communication protocols including Serial, Modbus, and HART.
• Familiarity with cybersecurity frameworks and standards such as IEC 62443, ISO 27001, NIST, and OWASP.
• Self-motivated with the ability to work effectively in a collaborative team environment.
• Experience working with Software Bill of Materials (SBOM).
Preferred Qualifications
• Experience implementing DevSecOps practices within software development lifecycles.
• Hands-on experience with Azure DevOps or similar CI/CD platforms.