Product Security Engineer
Description
POSITION SUMMARY
Reporting to the Product Security Leader for a large highly visible business unit, you are on the forefront of a new wave of technology within IIoT (Industrial Automation (IA) / Operational Technology (OT)).
Cyber Security for End Products in the Embedded Devices is the main focus of our experienced Advanced Engineering Organization with the accountability to Infuse Product Security technology within important industrial products used globally.
YOUR WORK!
Primary Responsibilities :
- Collaborate with our Product Engineering and Marketing teams on technical security concepts for products.
- Coordinate with Firmware Engineering teams on security requirements within products influencing aspects such as component selection relating to secure boot and roots of trust designs.
- Support, architect, and lead security designs; develop and maintain security features within firmware / software in Industrial Component products.
- Collaborate with System Architects across product teams to continually improve our security design, development, and deployment processes.
- Coordinate internal & external security specifications compliance within product portfolio.
- Be part of an internal cybersecurity audit team to comply with the internal and external standards.
Basic Qualifications
- Bachelor's degree
- Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.
- Travel up to 10%
Preferred Qualifications
- Bachelor's degree in Computer Engineering, Computer Science, or Electrical Engineering with a Software, Firmware, and Circuits background.
- Typically requires a minimum of 8 years on Embedded Product development teams responsible for delivering production quality firmware, applications, device drivers and / or embedded OS
- Experience with writing C / C++ for Embedded OS (i.e. Green Hills, VxWorks, QNX, embedded Linux) as well as Windows and finite state machines.
- Basic understanding of Assembly Language, Program Counters, and Stack Pointers
- CISSP or CEH (Master) with CSSLP
- Performing Risk based analysis from CVSS Scores and CVEs for various product CPEs.
- Experience in embedded systems development concepts, including cross-platform development and build tools, bootloaders, kernel configuration and device drivers
- Knowledge of Industrial Components, energy metering, power control, industrial protocols, and Rockwell Automation PLCs
- Knowledge of IEC 62443.
- Experience with CAN, CAN Analyzers, CIP protocol, CAN-Open protocol, serial break out boxes and RS485
- Experienced with simple peripherals such as A / D, D / A
- Experienced with Communication protocols, such as IO Link, Ethernet / IP and wireless (Bluetooth)
- Experience debugging and compiling device drivers.
- Experience with Trusted Platform Modules (TPM), Secure Boot, and cryptography fundamentals.
- Knowledge of web technologies databases, high-level languages (Ruby, JavaScript), frameworks (Rails, React), and architectural patterns.
- Is familiar with evaluating security threats in Embedded Devices.
- Performing Risk based analysis from CVSS Impact & Exploitability Scores from CVEs for various product CPEs.
- Experience with Security Firmware Design, V-model practices or similar.
- Know common protocols like SPE, Ethernet / IP, I2C, SPI, IPC, Modbus, CAN bus, 485, and LVDS.
- Comfortable using network protocol analyzers, logic analyzers, hardware debuggers, and source-level debuggers to troubleshoot problems at all layers of the stack.
- Has experience reading schematics and data sheets.
- Eager to hook up a logic analyzer, In-Circuit-Emulators to investigate issues with the boot chain.
- Partner across discipline, team, business, and organizational boundaries to resolve technical cyber security challenges
- Knowledge of secure coding & testing practices
- Delighted to break things in order to uncover security vulnerabilities
- Analyzing Threat Models from technical Requirements and Security Requirements (i.e. 62443, 800-53, & 800-82)
- Derive Threats from CAPECs or other sources
- Disposition Threat vectors to test, remediate, fix, accept, transfer, or NA
- Software Bill of Materials (SBOM)
- Vulnerability Assessments
- Find CVEs from the SBOMs and derive risk heat maps
- License Tracking
- Analyzing results from Binary Analysis tools (Jfrog / Xray / vdoo) or (Black Duck BA ) to derive
- Analyzing Risk from DAST Tools to find vulnerabilities in a running application using results to analyze alerts and vulnerabilities.
- Experience with :
- Requirements tracking tools ( i.e. Jama or Jazz / Doors)
- Agile CI / CD program management tools like Jira
- Test tools like Qtest or QC-ALM
- Verification / Validation
- Secure Development Life Cycle (NIST 800-218)
- Pen Testing Processes
- CERT Process
- Experience working in a cross-functional team with both technical and nontechnical team mates.
- Able to explain complex Cyber Risks and technical issues to a non-technical Audience.
- Able to explain to technical peers why / how to find a technical solution
This position is part of a job family. Experience will be the determining factor.
Related Jobs
Security Investigator
Busch Gardens is a place of thrills, fun and positive, lasting memories. And that's just what it's like to work here! As a key member of our team, you'll play a major role in bringing happiness and excitement to people from around the world.
If you're dedicated, dependable and driven to deliver exceptional guest service, this is a place for you!
What you get to do :
- Patrol revenue facilities (shops, food, and admission) to observe employee behavior
- Investigate employee theft, ticket and credit card fraud, counterfeit currency, and any other criminal or investigatory activity assigned. Provide timely and complete follow-up as required
- Patrol merchandise locations to observe for shoplifting in order to make successful prosecutable detainment
- Train and guide those employees assigned to the SIU (Special Investigations Unit)
- Provide asset protection training to revenue department employees
- Perform lock maintenance, to include core construction and replacement, lock repair, and troubleshooting as needed
- Assume responsibility for general office maintenance (cleaning, restocking of workbench and supplies) and general assignments by security leadership
- Administrative duties to include report processing, investigative research and documentation, depositions, and court appearances
What it takes to succeed :
- One year of Busch Gardens or theme park experience preferred
- Have a current State of Florida Class D License (Security Officer) and / or an active LE certification
- Can obtain a State of Florida Class C License (Private Investigator)
- Previous loss prevention or Law Enforcement experience is required
- Have a valid Florida Driver's License, proof of insurance and the ability to meet the SEA driving guidelines
- Have High School Diploma or GED equivalent
- Bachelor’s degree in a related field preferred
- Be able to work a flexible schedule, with late and rotating shifts, including weekends and holidays
- Knowledge of State Statutes, local ordinances, arrest, and detention laws, as they relate to adults and juveniles
- Have intermediate electronic equipment skills and advanced computer skills
- Have excellent written and verbal communication skills as well as excellent observation skills
- Be able to stand and walk for extensive periods of time, and be able to do moderate lifting
- Resume must be submitted for consideration
Compensation :
Pay rate is $22.00 per hour
The perks of the position :
- Paid Time Off
- Complimentary Park Tickets and Passes
- Park Discounts on Food and Merchandise
- Medical, Dental, and Vision Insurance
- 401K Retirement plan
- Voluntary Insurance
- Life Insurance
- Disability Benefits
- Tuition Reimbursement
- Dependent and Health Care Flexible Spending Accounts
- Employee Assistance Program
- Legal Assistance Plan
EEO Employer :
SEAWORLD PARKS & ENTERTAINMENT IS AN EQUAL OPPORTUNITY EMPLOYER. ALL APPLICANTS WILL BE CONSIDERED WITHOUT REGARD TO AGE, RACE, COLOR, RELIGION, SEX, NATIONAL ORIGIN, SEXUAL ORIENTATION, PREGNANCY, GENDER IDENTITY OR EXPRESSION, DISABILITY OR COVERED VETERAN STATUS.
Security Specialist
Leidos is actively interviewing for a Command Security Manager to join our team in Tampa, FL.
JOB SUMMARY
Assist the MARCENT Command Security Manager in providing security management support with expert level proficiency in both personnel and information security.
Primary Responsibilities
- Assist in the management of personnel, information, industrial, and physical security programs for MARCENT. Including :
- Assist with verification of security clearances, visitor requests and procedures surrounding security clearances for all personnel within MARCENT including Military, Civilian, and contractors.
- Maintenance and processing of the various personnel security systems and programs, including : JPAS, CATS, and eQIP maintenance and processing
- Proper Storage and dissemination of both classified and controlled unclassified information, including : providing support in the handling, marking, storage, safeguarding, and destruction of classified and controlled unclassified material / information.
- Proper enforcement of physical security standards and regulations, including : Badging system maintenance and processing
- Prepare unclassified and classified reports and briefs as required.
Basic Qualifications
- Knowledge of DISS (Defense Information Security Systems) maintenance and use.
- Knowledge of e-QIP (Electronic-Questionnaires-for-Investigations-Processing) maintenance and use.
- Knowledge of NBIS (National Background Information Services) and existence.
- Can demonstrate the proper handling, marking, storage, safeguarding, and destruction of both classified and controlled unclassified material / information.
- At least 2 years’ experience working in at least two of the following security specialty fields : Information, Personnel, or Physical.
- Active Secret clearance
Preferred Qualifications
- Expert knowledge of DISS maintenance and use.
- Expert knowledge of eQIP maintenance and use.
- Knowledge of NBIS and NBIS eApp maintenance and use.
- Can teach proper handling, marking, storage, safeguarding, and destruction of both classified and controlled unclassified material / information.
- At least 4 years’ experience working in three or more of the following security specialty fields : Information, Personnel, or Physical.
- Received formal Security Manager or Special Security Officer training from DoD services or agencies
- Valid Security Professional Education Development (SPēD) Certification
- Knowledge of the foreign disclosure process.
Pay Range :
Pay Range $53,300.00 - $82,000.00 - $110,700.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Physical Security Coord
Title : Physical Security Coord
Company : Tampa Electric Company
State and City : Florida - Tampa
Shift : 8 Hr. X 5 Days
POSITION CONCEPT
This position is responsible for TECO Energy’s card access system, security video surveillance systems, security alarm systems and security central monitoring stations systems, with supporting responsibilities for building automation systems.
These activities include programming, developing system designs, installations, troubleshooting, preventative maintenance, administrative duties, security assessments, records retention, and emergency repairs on a 24 hour per day basis.
This position is responsible for managing external resources and coordinating internal resources for the completion of assigned maintenance and capital projects.
PRIMARY DUTIES AND RESPONSIBILITIES
- Responsible for coordinating physical security contracts to include contractor performance management, quality control, specification development, RFP process, technical evaluation of bid responses, contractor selection and evaluation, price negotiation and coordination of services with our clients.
- Administrator of card access system, digital video surveillance, security alarm and security central monitoring station systems, while providing support for building automation systems.
- Responsible for managing design, installation, operation and maintenance of card access system, video surveillance / recording systems, security alarm systems and security’s central monitoring Station.
- Responsible for maintaining an inventory of spare components for card access, security surveillance and security alarms systems.
- Coordinates the implementation of approved security projects by the Corporate Security Department.
- Perform risk analysis, and threat assessments to ascertain the most effective way to deploy security assets.
- Participates in the recommendation and selection process of external contractors to provide maintenance and asset replacement services for Tampa Electric owned and leased facilities.
- Recommend and approve as required; systems, materials, products, services, standards, and policies related to Physical Security activities.
- Trains personnel in operations, maintenance, installation and utilization of card access, alarm, and video security systems.
- Participates in maintaining compliancy of all physical security systems with regulatory and governing agencies of the North American Electric Reliability Corp. (NERC), Occupational Safety & Health Administration (OSHA), National Fire Protection Agency (NFPA), Florida Building Codes (FBC), and Transportation Security Administration (TSA).
QUALIFICATIONS
Education
Required : Associates Degree in Computer Science or a related field. In lieu of a degree, a High School Diploma, and an additional two years of technical experience in physical security systems and applications may be considered.
Preferred : Software House Certified C-Cure 9000 Advanced Integrator, and ExacqVision Fundamentals and ExacqVision Enterprise.
Related Experience
Required : Minimum of four years experience in the installation, maintenance and design of networkable card access, security alarm, and video systems.
Certifications :
Required : Certified in Software House C-Cure 9000 Installer / Maintainer.
Knowledge / Skills / Abilities (KSA)
Required :
- Working knowledge of the design, installation, and maintenance of enterprise card access systems, video surveillance systems, security alarm systems and Central Monitoring Station systems.
- Possess the ability to train others in support of this function.
- Direct knowledge of contract management and negotiations. Effective communication both oral and written. Must be proficient in Microsoft Word & Excel.
Preferred :
Operational knowledge of ExacqVision and experience in the design and operation of Central Monitoring Stations.
Leadership Competencies
- Champions Safety, Health, and the Environment
- Takes Ownership and Acts with Integrity
- Drives Business Excellence for Customers
- Builds Collaborative Relationships
- Develops People and Teams
- Cultivates Innovation and Embraces Change
- Thinks Strategically and Exercises Sound Judgment
Working Conditions
- Responsible for providing 24 / 7 support for all emergency calls and responses to meet business needs.
- Required to work extended hours and weekends including shift changes.
- Working environment to include : hot working conditions indoors and outdoors; and during inclement / hazardous weather.
- Mandatory use of protective clothing and hearing protection. Required to occasionally work on energized equipment.
Physical Demands / Requirements
Bending, kneeling, climbing, carrying loads of 50 lbs., holding, squatting, reaching and repetitive movements to include grasping, pushing, and pulling and fine manipulation of hands.
Perks & Benefits :
- Competitive Salary, Bonus Plan,
- Paid Time Off & Paid Holiday Time,
- Medical, Dental, Vision coverage for you and your dependents,
- Retirement plans : 401K (with matching company contributions) & Pension Plan,
- Company-paid long term care coverage, life insurance and AD&D insurance,
- Tuition Assistance, Employee Assistance and Wellness Programs with on-site fitness centers,
- Opportunities for Growth & Advancement within TECO and Emera.
TECO offers a competitive Benefits package!!
- Competitive Salary
- 401k Savings plan w / company matching
- Pension plan
- Paid time off
- Paid Holiday time
- Medical, Prescription Drug, & Dental Coverage
- Tuition Assistance Program
- Employee Assistance Program
- Wellness Programs
- On-site Fitness Centers
- Bonus Plan and more!
STORM DUTY REQUIREMENTS ....Please make sure to read below!!! Responding to storms will be considered a condition of employment.
TECO Energy and its companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response / recovery activities related to emergencies / disasters to maintain service to our TECO Energy customers.
Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures.
TECO Energy is proud to be an Equal Opportunity Employer.
TECO Energy is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law, except where physical or mental abilities are a bona fide occupational requirement and the individual is unable to perform the essential functions of the position with reasonable accommodations.
In order to provide equal employment and advancement opportunities for all individuals, employment decisions at TECO Energy will be based on skills, knowledge, qualifications and abilities.
Pay Transparency Non-Discrimination Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
ADA policy
It is the policy of TECO Energy to provide reasonable accommodation for all qualified disabled individuals who are employees and applicants for employment, unless it would cause undue hardship.
The corporation will adhere to applicable federal and state laws, regulations and guidelines, including, but not limited to the Americans with Disabilities Act (ADA) of 1990 and section 503 and 504 of the Rehabilitation Act of 1970s.
Application accommodations
Applicants may request reasonable accommodation in the application process five business days prior to the time accommodation is needed.
Pre-employment physical exams may be required for positions with bona fide job-related physical requirements regardless of disability.