Cyber Security Engineer - #1160366

Responsibilities:

• Product Security Architecture & Best Practices: Establish, maintain, and enforce secure hardware and software development lifecycle practices tailored for resource-constrained embedded systems and BAS controllers.

• Vulnerability Management & Resolution: Actively triage, investigate, and resolve security vulnerabilities (hardware, firmware, and open-source components). Coordinate with firmware teams to implement, test, and deploy critical security patches.

• Security Certification Ownership: Lead the preparation, documentation, and technical execution required to achieve industrial security certifications, specifically IEC 62443 and regional cybersecurity standards.

• Secure Firmware Design & Implementation: Advise R&D teams on implementing robust security mechanisms at the device level, including Hardware Unique Keys (HUK), Secure Boot, cryptographic key storage, and trusted execution environments (TEE).

• Threat Modeling & Risk Assessment: Conduct proactive threat modeling, attack surface analysis, and risk assessments on connected devices and OT (Operational Technology) network protocol integrations (such as BACnet/SC).

• Penetration Testing & Auditing: Perform hands-on firmware security assessments, static/dynamic code analysis (SAST/DAST), and coordinate with accredited external labs for official third-party penetration testing and compliance auditing.

• Cross-Border Technical Alignment: Act as the primary security liaison to align local engineering initiatives with our global corporation's security governance standards and architectural frameworks.

Requirements:

• Possess a recognized degree in Computer Engineering, Electrical/ Electronics Engineering, Cybersecurity, or a related technical discipline

• 4 to 6 years of hands-on experience in cybersecurity, with focus on embedded systems, Internet of Things (IoT) devices, or Operational Technology (OT) systems.

• Industrial Cybersecurity Standards: Experience in navigating a product through an official conformity assessment. Having practical, working knowledge of the IEC 62443 is highly preferred.

• Embedded Technical Skills: Good understanding of low-level security implementations. This includes familiarity with Secure Boot, TPM, TEE, SELinux, and others.

• Security Infrastructure & Network: Good understanding of PKI (Public Key Infrastructure), key/cert management, device certificate provisioning, industrial network security, including TLS/DTLS implementation, and emerging secure protocols like BACnet/SC (Secure Connect).