Principal Product Security Engineer

Location: Pune-Maharashtra-India

Time Type: Full time

Job Description

What we look for

· Technical and operational excellence, thought leadership, and integrative thinking.

· Expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations.
 

Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls.

· Demonstrated ability to lead change initiatives that intelligently manage software cyber risks.

· Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, Jira).

· Understanding of agile software development and continuous integration/deployment.

· Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, openVAS, BurpSuite, Metaspolit).

· Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++).

· Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance.

· Understanding TPM, Secure Boot, OTP, PKI, SPI/I2C bus analyzers, JTAG probing.

· Knowledge of current security threats and techniques for exploiting software vulnerabilities.

· Understanding of web and mobile application secure design principles such as OWASP.

· Understanding of data protection, secure cloud, and network infrastructure design principles.

· Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2 and other comparable.

· Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.

· Superior interpersonal, organizational, written/verbal communication, and presentation skills.

· Ability to build trust with stakeholders and explain complex security topics to all audiences.

· Active participation in hackathons, cybersecurity competitions, and exercises are a plus.

· CSSLP, CISSP, CCSP, OSCP, CEH or related cybersecurity certifications.

· Bachelors degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree.

· Minimum of 7 years of experience with at least 5 years in software or product cybersecurity.

· Travel is occasional at approximately 10%, including international.