Product Security and Privacy Architect

Emploi pas sur LinkedIn

🕒 il y a 1 mois

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

ASSA ABLOY Opening Solutions

Site WebLinkedInTous les Emplois

10 000+ employés

🔐 Sécurité

🔧 Matériel

🤝 B2B

Security • Hardware • B2B

ASSA ABLOY Opening Solutions est un leader dans le domaine de la technologie de sécurité, spécialisé dans le développement et la production de systèmes de verrouillage mécaniques et électromécaniques, de solutions de contrôle d'accès, et de systèmes de verrouillage pour divers bâtiments résidentiels, commerciaux et publics. L'entreprise est reconnue pour ses produits innovants qui garantissent sécurité et confort, répondant aux besoins diversifiés allant des établissements de santé aux institutions éducatives. Avec une gamme complète de solutions, ASSA ABLOY assure le déplacement sécurisé et fluide des personnes, des biens et des informations à travers de nombreux secteurs.

Description

• Leading day-to-day security/privacy architecture governance • Defining corporate wide security and privacy requirements, controls, and standards • Defining corporate wide Secure Coding, third-party, deployment policies & other architecture-related standards • Defining required training content • Defining paved roads/security and privacy-by-design patterns and libraries • Leading development of AI-enabled PSP Architecture capabilities • Owning the threat modeling framework and quality bars • Running/approving security & privacy architecture reviews • Leading audit/assessment planning, evidence of expectations, and defensibility • Being responsible for tooling selection and integration related to security & privacy architecture domain • Architecting compliance, analyzing new regulations and standards to identify gaps in the platform's capabilities, standards, and controls • Assessing New Acquisitions Architecture and contributing to due diligence on a needed basis • Providing recommendations for risk acceptance and exception requests • Providing input on tooling strategy and integration guidance for non-architecture related domains • Providing guidance on security requirements for supply chain tooling, pipeline architecture, and associated standards • Validating that platform architecture enables enforcement of PSP security controls • Providing expert input on exploitability, attack paths, and mitigation options during Incident handling process • Providing guidance on true risk vs noise for security tool outputs and penetration tests.

🎯 Exigences

• Master's Degree in computer science or similar qualifications • At least 3 years in software/product security, application security, or security architecture • At least 7 years of hands-on software engineering / QA / DevOps earlier in career • At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus • Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar • Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program • Working knowledge of general principles of application security • Working knowledge of threat modeling principles • Working Knowledge of security standards (OWASP, ISO, NIST, ...) • Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent • Good understanding of cryptographic principles, including algorithms, key management, and protocols • Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners) • Hands-on experience in at least one, preferably more, of these application domains: Embedded device Security, Mobile security, Web & API security, Desktop security • Experience with Agile/SAFe Methodology is preferred • Experience with usage of AI tools in the context of a security program is preferred • Cloud infrastructure, Supply Chain, and deployment Security is preferred.

🏖️ Avantages

• Competitive salary and rewards package • Competitive benefits and annual leave offering • A vibrant, welcoming & inclusive culture • Extensive career development opportunities and resources