Our client, currently a global leader in AMR/AMI/Smart Grid Solutions, is looking to hire an experienced mid to senior-level Product Security Engineer to ensure that our embedded software, networking, and applications are designed and implemented to be secure. If you enjoy testing hardware, software and services from a security perspective, and you are experienced at discovering subtle security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity.
Product (Cyber) Security Engineer / Analyst
Evangelize secure development practices to the product development teams
Perform security design sessions on new and updating products
Perform risk and threat analysis of products
Conduct device and application-level vulnerability and penetration testing
Work with product teams conducting security code-reviews on many of Itron's solutions
Work closely with our software, system, and network engineers to enhance our security posture
Duties & Responsibilities
Identify potential threats and work with engineers to make recommendations and implement cost effective security controls to meet market security requirements and address security deficiencies and issues.
Monitor, evaluate, and maintain systems and procedures to ensure our products remain secure.
Research, recommend, and implement changes to systems and procedures to enhance product security.
Develop and conduct periodic product security tests and audits.
Perform analysis on newly proposed product features and provide working solutions to resolve and security related issues.
Communicate security requirements and procedures to all stakeholders.
Coordinate with and support Development and other stakeholders as appropriate.
Communicate to the market, trade groups, partners and customers, the security landscape and roadmaps as appropriate.
Recommend and drive secure development and test practices into our product development organizations.
Experience: This position requires a minimum of 8 years totals years of experience in security architecture with the following:
Minimum of 5 years of software development experience using C, C++, and/or .Net programming languages.
Minimum of 3 years of experience with either Python or PERL
Minimum of 3 years of experience as a systems security engineer or architect.
Minimum of 2 years of embedded and/or device driver implementation.
Education: Bachelor's degree or equivalent experience Computer Science/MIS/Engineering preferred.
Certification(s): CISSP or GIAC certifications preferred
Preferred Skill Sets and Experience:
Versed in all aspects of UNIX, Windows, and network security.
Experience with or knowledge of the configuration, operation, and management of firewalls, VPN, SSH, PKI, Wireless, and vulnerability assessment tools.
Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, and applied cryptography
Strong experience in web-application security
Experience with service-oriented architecture and web services security
Experience with the application of threat modeling or other risk identification techniques
Detailed knowledge of application-level security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
Solid understanding of technology best practices (operating systems, network and computer operations, production support, and information security).
Working knowledge on creation and implementation of client and server side SSL certificates..
Experience working in complex and integrated solutions, preferably including sensors or mobile field devices along with back-office data processing systems.
Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
Understanding of Federal Information Process Standards related to security and FIPS certification is desired.
Understanding of NERC CIP standards is desired.
Excellent written and verbal communication skills
Excellent leadership skills and teamwork skills
Results oriented, high energy, self-motivated
Keyword: CISSP GIAC