Cybersecurity Lead – Product Security, Network Hardware, OS

🕒 Maio 28

🤠 Texas – Remoto

🤠 Texas – Remote

⏰ Tempo Integral

🟠 Sênior

👮‍♂️ Cibersegurança / Engenheiro de Segurança

🦅 Patrocina Visto H1B

Esta empresa já patrocinou vistos H1B no passado.

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Celestica

SiteLinkedInTodas as Vagas

10.000+ funcionários

Fundada em 1994

🤝 B2B

💰 $660.400.000 Post-IPO Debt em 2021-09

B2B • Manufacturing • Supply Chain

A Celestica é uma líder global B2B em soluções de design, manufatura e cadeia de suprimentos para as empresas mais inovadoras do mundo. Trabalhamos com as marcas líderes mundiais para imaginar, projetar e construir produtos de ponta na indústria e resolver desafios tecnológicos complexos que impulsionam o mundo. Estamos envolvidos em todas as etapas da jornada do produto – desde como os produtos são projetados e desenvolvidos, adquiridos e fornecidos, até como são fabricados e mantidos.

Descrição

• Lead the integration of security gates into the product development lifecycle for network hardware and OS software. • Enforce the standardized SDLC policy and ensure threat modeling (using frameworks like STRIDE or PASTA) is conducted during the design phase of every new product release. • Direct the security hardening of the network operating system. • Define and enforce baseline configurations to ensure the OS is resistant to tampering, implementing controls such as secure boot, kernel hardening, and restricted shell access. • Orchestrate the 'Standardizing Dynamic Testing and Vulnerability Management' initiative for product software. • Oversee the implementation of Static Application Security Testing (SAST) using tools like Snyk in the CI/CD pipeline and establish a Dynamic Application Security Testing (DAST) framework to identify runtime vulnerabilities. • Architect product features that support Zero Trust environments. • Manage the product vulnerability lifecycle. Establish Service Level Agreements (SLAs) for remediating findings identified during penetration testing and DAST scans, ensuring no critical vulnerabilities ship to production. • Ensure all product cryptographic implementations align with the 'IT Encryption & Cryptography Policy', mandating AES-256 standards.

🎯 Requisitos

• 8–10 years of experience in product security, specifically focusing on network hardware (switches, routers, gateways) or embedded systems. • Strong background in C/C++, Go, or Python, with experience developing or securing Network Operating Systems (e.g., SONiC, Linux-based embedded OS). • Deep expertise in network protocols (L2/L3, TCP/IP, VLANs, VXLAN) and network security technologies (Firewalls, ACLs, 802.1X). • Proven experience implementing SAST/DAST pipelines (e.g., Snyk, Coverity, Burp Suite) and managing vulnerability disclosure programs. • Bachelor's degree in IT, Networking, or a related field (equivalent experience accepted). • Checkpoint: CCSE (highly preferred). General: CompTIA Security+ or Cisco CCNP Security.

🏖️ Benefícios

• Extended periods of sitting • Sustained visual concentration on a computer monitor or on numbers and other detailed data. • Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.