Posted: Friday, April 09, 2021
Sellersville, PA USA
To provide guidance, analysis and auditing to product development organizations in the field of Automation Cybersecurity. The engineer will have a role in the development and growth of exida’s Automation Cybersecurity certification business. The engineer may represent and promote exida at industry meetings and/or participating in industry committees.
- A minimum of 3 years of software product development experience
- Knowledge and experience in developing software that is secure by design
- Experience creating security threat models for products or system
- Knowledge of the causes of security vulnerabilities and how to prevent them
- Knowledge of and experience following a secure development lifecycle
- Understanding of security concepts such as identification and authentication, symmetric and asymmetric encryption, secure boot, and PKI
- Knowledge of Networking and communication protocols
- Bachelor’s Degree in computer science, Computer Engineering, Electrical Engineering or equivalent
- Experience in Penetration Testing or other security related testing such as fuzz testing, software composition analysis, static analysis, abuse case testing, and known vulnerability scanning.
- Knowledge of IEC 62443 Series of Standards
- Any of the following professional certifications: CISA, CISSP, GICSP, CACE, CACS, CSSLP or equivalent
The Cybersecurity Engineer is responsible for providing Automation System Cybersecurity related services for exida.
The primary duties will include the following:
- Undertake training as required to improve skill set with cyber-security as directed by business needs;
- Review, understand, and critique the IEC 62443 automation cybersecurity standards;
- Visit development organization offices to determine the software processes actually used to create their software and advise/explain what improvements, if any, are needed to meet IEC 62443 security development requirements;
- Explain and teach cybersecurity development process requirements;
- Review and understand hardware/software designs to verify the security features of those designs;
- Audit completed projects to assess if their processes used and resulting designs meet the requirements of the exida cybersecurity certification scheme;
- Review and understand security testing done on products and systems in order to assess that they meet the requirements of the relevant security standards.
- Manage and execute projects;
- Support business development efforts;
- Present at technical conferences and symposiums;
- Compile proposals and budgets when required;
- Travel within the domestically and internationally (when required), sufficient to meet the business goals and targets of exida;
- Identify potential threats and/or opportunities for exida’s services and product improvement and/or development;
- Produce white papers, blogs, webinars and new training material on cyber security products/services when required;
- Work in a professional and proper manner at all times, representing the best interests of exida.