Cybersecurity - Senior Advisor

Schneider Electric, Lake Forest, CA 92630

Posted 7 months ago

Schneider Electric creates connected technologies that reshape industries, transform cities and enrich lives. Our 144,000 employees thrive in more than 100 countries. From the simplest of switches to complex operational systems, our technology, software and services improve the way our customers manage and automate their operations. Help us deliver solutions that ensure Life Is On everywhere, for everyone and at every moment: https://youtu.be/NlLJMv1Y7Hk.

Great people make Schneider Electric a great company.

In general, the primary responsibility of a security advisor is to engage with every active project team, advise the team on SDL compliance for each and every security practice, ensure cybersecurity requirements are included in each project, and help teams comply with company Marketing requirements and Technical Invariants.

In some cases, security advisors will also have enough skill and experience to guide teams on security functional solutions (architecture, implementation, testing). Where the security advisor may not have the skills the project needs, the advisor will help the team connect with appropriate resources.

The security advisor stays engaged with every project team through OTM/RDI and implementation phases, ensuring that the agreed security plan is adhered to and escalating when not.

At the end of each project the advisor assesses the project team's security plan compliance and produces a final security report. No project advances unless the FSR is completed and accepted by Leadership.

Detailed day-to-day activities of a security advisor:

  • Occasionally, provide security training (meeting with project teams, Lunch&Learn sessions, etc.)

  • Keep up on latest CERT bulletins, exploits, etc. Compare to product offer. Ensure emerging attack vectors are assessed against product family offers.

  • Participate in Incident Responses when directed

  • Meet with teams in preparing the SDL Security Plan

      o Reviewing the SDL Evaluation form that the team fills in

      o Reviewing the Security Backlog for a project during the planning stage

      o Setting the SDL requirements, then reviewing them with the team

      o Getting leadership approval of the plan before the team begins writing code

      o Letting the team know they can publish the requirements to TFS

  • Assist teams in threat modeling their product(s).

  • Meet with teams at various milestones during project execution (insist on it so there are no surprises in the end)

  • Review their Vulnerability Susceptibility Map (VSM) spreadsheet (this might be getting obsoleted)

  • Perform the Protecode scanning of a team's binaries or get them to do it to identify third-party inclusions and patch state (detailed procedure provided)

  • Perform the Digital Signature verification of their binaries or get them to do it (detailed procedure provided)

  • Run Nessus Professional (vulnerability scanner) (detailed procedure provided below)

  • Meet with the team at the end of the project to perform the Final Security Review

      o Make sure all artifacts are completed

      o Review SCA logs, BinScope logs, Protecode reports, Nessus report, etc.

      o Make sure all system testing is completed (so no more defects are expected to be found)

      o Any open security defects must be reviewed and put in the security backlog if it is agreed they will not be addressed during the current project

  • Occasionally, renew licenses for security tools (Nessus, Metasploit, BurpSuite, etc.)

  • Request ISA/IEC standards (SE uses a service company named AFNOR/Webport)

  • Guide teams through ISASecure certification when appropriate

  • Review all project user documents for appropriate security content. Evaluate content and correct as needed

  • Review changes to SDL process documents

  • Keep up with advances in security tools, procedures, and processes

  • Possibly attend security conferences as appropriate (e.g. ICS JWG)

We seek out and reward people for being straightforward, open, passionate, effective and challenging the status quo. We want our employees to reflect the diversity of the communities in which we operate. We welcome people as they are, creating an inclusive culture where all forms of diversity are seen as a real value for the company. We're looking for people with a passion for success on the job and beyond. See what our people have to say about working for Schneider Electric: https://youtu.be/6D2Av1uUrzY.

Let us learn about you! Apply today.

You must submit an online application to be considered for any position with us. This position will be posted until filled.

It is the policy of Schneider Electric to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic or conduct.

Concerning agencies: Schneider Electric does not accept unsolicited resumes and will not be responsible for fees related to such.

Schneider Electric is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.


