DevSecOps Engineer

• Help create a security roadmap for all the products
• Create integration teams and deliver security product specifications that contain the software's needs, design specifications, and test plans
• Support the Software / Cloud team's Threat Analysis and Risk Assessment (TARA).
• Implement controls for SAST, DAST, and Third-Party library analysis into CI/CD workflows
• Other cloud security integrity controls and image assurance
• Conduct assessments of vulnerabilities in the cloud environment, including those in the infrastructure and third-party libraries, and set priorities for resolving them
• Work with the software team to implement cybersecurity requirements and assess test and software analysis reports after analyzing cybersecurity attack entry points and weighing risk versus impact
• Analyze market competition and stay current on new security technology in the automotive and consumer electronics industries

Job Requirements:

• Bachelor s/Master s degree in Engineering, Computer Science (or equivalent experience)
• At least 5+ years of relevant experience as a software engineer
• Experience designing secure boot, firmware signatures, and validation
• Experience planning and developing security policies, procedures, and standards within an IoT environment with constrained resources
• Understanding of operating systems, networking technologies, and specific implementations
• Working knowledge of embedded systems and associated languages and build frameworks, including POSIX
• Firmware signing and validation, signature methods and digital authentication, and non-repudiation
• Secure boot within a firmware environment, integration with TPM, and Hardware security
• Knowledge of in-memory credential handling and encrypted firmware and file systems
• Familiarity with standards like ISO 27001, SSAE 16 / 18 SOC 2, ISO 21434, and Uptane framework is nice to have
• Understanding CIS Benchmarks for Cloud providers, container technologies, and key services is a plus
• Experience with embedded computing and security, including Uptane framework or similar
• Familiarity with secure coding practices, processes, and methods is nice to have
• Experience with hardware penetration testing and penetration tools is a plus
• Strong customer focus and obsession with quality
• Ability to work in a fast-paced and agile development environment
• Strong communication and analytical skills
• Knowledge of IoT
• Proficiency in English