Senior Security engineer IRC216242

at  GlobalLogic

DESCRIPTION:

In Grid Integration Service Solutions, we are currently looking for a skilled and motivated engineer to join our team of R&D specialists. Are you interested in developing control concepts and software for new charging solutions in the field of e-Mobility, such as eBus flash-charging? Are you passionate about working in close collaboration with a wide range of stakeholders and the company’s global R&D team drawing on your demonstrable communication skills? Then this job is for you!

REQUIREMENTS:

Technical skills and knowledge
Frameworks: C#/.Net, Angula
Microservice-oriented architecture, REST APIs, containerization (Docker)
Microservice orchestration with Kubernetes: deployment and configuration, secret management, ingress control, persistent data management,
Security: authentication/authorization/access control (OAuth, OpenID Connect, Keycloak), secure communication (TLS/SSL), certificate management (PKI), secret management (Vault), security hardening principles (CIS benchmark), data protection (encryption in transit, at rest), secure boot, threat detection and protection.
Cross-cutting: logging, monitoring, e.g., OpenSearch/Fluentd/Logstash, syslog, Prometheus, Grafana.
Cloud: MS Azure, GCP
Networking protocols, network devices and functions, VPN, network and web application firewalls
Other skills
Documentation: Wiki/Markdown, Diagraming in e.g., Visio, draw.io
Communication: Proficiency in English, both speaking and writing.
Quality assurance and secure software development lifecycle principles.
Agile software development
Education
Bachelor, preferably Master in Computer Science/Engineering

Act as an individual contributor in RD team and lead the product security efforts
Own, enforce, and continuously improve the security development lifecycle process according to IEC 62443-4-1 standard
Prepare security requirements documents as part of product requirements engineering and customer solution development phases
Prepare security architecture and design documents in response to requirements specifications, develop associated user stories, and drive them through the product development lifecycle
Conduct and document threat modeling and attack surface analysis for product releases
Conduct code reviews to ensure compliance to the security development lifecycle as well as security architecture and design
Ensure products are meeting Hitachi Energy’s minimum cyber security requirements or if customer-specific or respective standards such as IEC 62443-3-3 or IEC 62443-4-2
Develop, implement, and configure security controls and solutions (e.g., L3 and L7 firewalls) concluded with respective quality assurance and user acceptance testing activities
Conduct security risk assessments and drive the product releases through Hitachi Energy cyber security clearance process and respective tests in close collaboration with Hitachi Energy product security officers and security assurance teams
Analyze the developed code, prepare bug reports, conduct root cause analysis, suggest fixes, implement and / or ensure implementation of the identified solution, subsequent verification and validation steps
Deploy and operate security solutions for internal / external customer projects in on-premise and / or off-
premise models
Act as L3/L4 support team member for security incident (e.g. vulnerabilities) management process
Engage with internal / external software development vendors