Staff Product Security Engineer (Embedded & IoT)

Stryker Corporation

Work Flexibility: Hybrid

What you will do:

  • Provide technical leadership and guidance to a team of Web, Embedded and IoT Security engineers.
  • Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices.
  • Leverage DevSecOps to embed security testing (SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation) into all phases of SDLC.
  • Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services.
  • Develop and maintain comprehensive test plans, methodologies, and tools for security testing.
  • Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies.
  • Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions.
  • Lead the SBOM Management program, ensuring accurate identification and documentation of software components and dependencies.
  • Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management.

What you need:

Required Qualifications:

  • Bachelor's or Master's in Computer Science Engineering
  • 4 to 10 years of experience
  • Experience with threat modeling, risk assessment, and security architecture reviews for Embedded Systems and IoT solutions.
  • Proficiency in C, CPP & Python programming languages.
  • Familiarity with relevant standards and frameworks such as OWASP, NIST Cybersecurity Framework, and ISO 27001.
  • Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context.

Preferred Qualifications:

  • Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit, and in DevSecOps principles.
  • Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python.
  • Understanding of cloud-based environments like Azure and AWS.
  • At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams.

Travel Percentage: 10%

Confirmed 16 hours ago. Posted 6 days ago.