Cybersecurity Lead – Product Security, Network Hardware, OS

🕒 vor 19 Tagen

🤠 Texas – Remote

🤠 Texas – Remote

⏰ Vollzeit

🟠 Senior

👮‍♂️ IT-Sicherheitsingenieur

🦅 H1B-Visum-Sponsor

Dieses Unternehmen hat in der Vergangenheit H1B-Visa gesponsert.

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

Celestica

WebsiteLinkedInAlle Stellen

10.000+ Mitarbeiter

Gegründet 1994

🤝 B2B

💰 €660.400.000 Post-IPO Debt im 2021-09

B2B • Manufacturing • Supply Chain

Celestica ist ein globaler B2B-Marktführer für Design-, Fertigungs- und Supply-Chain-Lösungen für die innovativsten Unternehmen der Welt. Gemeinsam mit den weltweit führenden Marken denken, entwerfen und fertigen wir branchenführende Produkte und lösen komplexe Technologieherausforderungen, die die Welt voranbringen. Wir begleiten jede Phase des Produktlebenszyklus – von Design und Engineering über Sourcing und Supply bis hin zu Fertigung sowie Wartung und Serviceleistungen.

Beschreibung

• Lead the integration of security gates into the product development lifecycle for network hardware and OS software. • Enforce the standardized SDLC policy and ensure threat modeling (using frameworks like STRIDE or PASTA) is conducted during the design phase of every new product release. • Direct the security hardening of the network operating system. • Define and enforce baseline configurations to ensure the OS is resistant to tampering, implementing controls such as secure boot, kernel hardening, and restricted shell access. • Orchestrate the 'Standardizing Dynamic Testing and Vulnerability Management' initiative for product software. • Oversee the implementation of Static Application Security Testing (SAST) using tools like Snyk in the CI/CD pipeline and establish a Dynamic Application Security Testing (DAST) framework to identify runtime vulnerabilities. • Architect product features that support Zero Trust environments. • Manage the product vulnerability lifecycle. Establish Service Level Agreements (SLAs) for remediating findings identified during penetration testing and DAST scans, ensuring no critical vulnerabilities ship to production. • Ensure all product cryptographic implementations align with the 'IT Encryption & Cryptography Policy', mandating AES-256 standards.

🎯 Anforderungen

• 8–10 years of experience in product security, specifically focusing on network hardware (switches, routers, gateways) or embedded systems. • Strong background in C/C++, Go, or Python, with experience developing or securing Network Operating Systems (e.g., SONiC, Linux-based embedded OS). • Deep expertise in network protocols (L2/L3, TCP/IP, VLANs, VXLAN) and network security technologies (Firewalls, ACLs, 802.1X). • Proven experience implementing SAST/DAST pipelines (e.g., Snyk, Coverity, Burp Suite) and managing vulnerability disclosure programs. • Bachelor's degree in IT, Networking, or a related field (equivalent experience accepted). • Checkpoint: CCSE (highly preferred). General: CompTIA Security+ or Cisco CCNP Security.

🏖️ Vorteile

• Extended periods of sitting • Sustained visual concentration on a computer monitor or on numbers and other detailed data. • Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.