Cyber Security Officer (HID5442)

Full-time
HID Global
2019-07-02
Region: North America, US, Long Beach, CA


HID Global powers the trusted identities of the world's people, places and things. Every day millions of people in more than 100 countries use our products and services to securely access physical and digital places. Over 2 billion things that need to be identified, verified and tracked are connected through HID Global’s technology. We make it possible for people to transact safely, work productively and travel freely. We work with governments, universities, hospitals, financial institutions and some of the most innovative companies on the planet—helping them to create trusting and trusted physical and digital environments so that they and the people who use them can fulfill their potential. Headquartered in Austin, Texas, HID Global has over 3,500 employees worldwide and operates international offices that support more than 100 countries. HID Global® is an ASSA ABLOY Group brand. For more information, visit www.hidglobal.com.

HID PACS, located in multiple development locations, is recognized as the global leader in the design, manufacture and supply of access control security technology. HID Global is the provider of trusted identities to the world's people, places and things.

We offer a competitive and comprehensive compensation package that includes medical, dental, vision, life insurance, pension, and competitive annual leave entitlement.

The Cyber Security leader will head a team that undertakes the product and system designs and provides security guidelines to the development teams, which integrate highly complex software functions with HID end-to-end systems. In this role the lead will help create and roll out a holistic product security program that encompasses the full product life cycle, from initial design through development to deployment, including incident response. You will use your experience and judgement with cybersecurity controls and secure software development practices to plan and solve important challenges to accomplish goals. You will be the senior expert on the team focused on product security.

Duties and Responsibilities include the following.

  • Create and roll out a holistic product security program modelled on the Microsoft SDL process (or equivalent) across the PACS portfolio. This will include, but is not limited to, establishing baseline security requirements, threat model development, testing requirements and risk assessments.
  • Help develop the security roadmap for the HID family of products and the end to end systems.
  • Help create or provide input into policies, standards and procedures for product security that the organization will follow, and enforce governance of those policies. Stay up to date on the latest vulnerabilities and determine if they can be exploited in HID products. Lead the Product Security Incident Response Team (PSIRT) and be a key content contributor to product security advisories. When the cyber security team finds a potential threat or attempted breach, closing off the security vulnerability and managing communications are key responsibilities.
  • Review our existing implementations in both hardware and software related to security to determine deficiencies and vulnerabilities/risks or enhancements needed. Constantly monitor for attacks on and intrusions into any of the PACS systems and product portfolio.
  • Interact with security experts within our partner organizations and external groups
  • Engage in customer communications when it is necessary to bring in technical expertise. Act as the PACS team's technical representative at conferences, presentations, and other outreach activities.
  • Provide technical security guidance to our engineering teams across the labs.
  • Research, design and advocate new technologies, architectures, and products that will support security requirements.
  • Assist in design reviews and code reviews focusing on security. Seek to build in security during the development stages of software systems, networks and data centres
  • Coordinate security assessments and penetration testing on the HID products
  • Manage cyber-related agency approvals.
  • Review product security related documentation for accuracy, including hardening guides, white papers and marketing material.
  • Attend security conferences / training to stay up to date on the latest trends
  • Collaborate and communicate effectively with engineers and research engineers in a multi-disciplinary environment. Coordinate security experts across the PACS business unit to provide complete system end-to-end guidance on security design.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

Education and/or Experience         

  • Minimum Bachelor’s or Master’s Degree in Computer Science, Computer Engineering, or Electrical Engineering with 8+ years of hands-on software development experience
  • One or more cybersecurity certifications: CISSP, CSSLP, CCSP, or equivalent
  • Experience in Secure SDLC (Secure Software Development Life Cycle) and CVE (Common Vulnerabilities and Exposures)
  • Passion for cryptography
  • Security+ certification or similar
  • Expertise with Linux
  • Understanding of TLS and digital certificates
  • Familiarity with OpenSSL
  • Experience with FIPS 140-2
  • Familiarity with penetration testing tools and working with third party penetration test labs.
  • Experience with threat modeling
  • Experience with static code analysis and vulnerability scan tools and analysing their output.  Experience with vulnerability management.
  • Knowledge of secure coding practices
  • Experience with TCP/IP networking, transport layer protocols including TCP and UDP, and application layer protocols including HTTPS
  • Ability to use logic and reasoning to identify the strengths and weaknesses of end-to-end PACS systems
  • Strong IT skills and knowledge including hardware, software and networks, with a deep understanding of how hackers work and the ability to keep up with the changing world of system security
  • Ability to work on complex tasks without technical guidance

 

HID Global is an Equal Opportunity Employer/Minorities/Female/Disabled/Veteran 
If you have a disability which limits your ability to apply online, please contact us at [email protected], to submit your expression of interest in a position with our Company.