Embedded Systems Security Engineer - JCI Cork, Ireland Bookmark Share Print 48 0 1

Listing Description

Embedded Systems Security Engineer

What you will do

We are seeking an individual who is passionate about cyber security and who wants to join a vibrant team in providing cyber security and innovation capabilities, such as vulnerability, penetration & fuzz testing at scale across the global IoT & Embedded Systems Smart Building products portfolio of Johnson Controls.

The successful candidate will join a team that specializes in providing security testing of Embedded Systems & IoT, Web & Mobile applications and Cloud services for Smart Building Ecosystems both in commercial and residential markets. The team also has in its portfolio development of cyber security reference architecture solutions, Incident Response Forensic Analysis and Cyber Security Innovation.

How you will do it

This role reports to the Director of Global Product Security Engineering & Innovation Services as an individual contributor. The role is currently open to both mid and senior level experts. Duties include:

Consulting with product teams on ‘security by design’ principles across the Software Development Lifecycle to assist Security Architects when conducting product specific security assessments.

Perform static and dynamic code analysis, vulnerability scanning and ethical hacker penetration testing to detect any potential security design flaws or vulnerabilities.

Working with the team to build upon and extend innovation & proof of concept capabilities such as edge to cloud, secure fog integrations and/or various custom bespoke automation for security testing automation and dashboarding.

Prototyping and testing countermeasures to defend against attacks where necessary.

Consult and support product teams in mitigating any discovered security design flaws or vulnerabilities.

Perform threat analysis such as monitor vulnerability trends across product ranges, track vulnerability remediation and produce reports at various levels of granularity to product teams and at executive level.

Aid and support in product security incident and response activities.

Perform forensic analysis of any potential incidents here necessary.

Demonstrating proof of exploit where necessary.

Help coordinate third party penetration testing vendor engagements with product teams.

Undertake relevant cyber security training courses and attend cyber security conferences to stay current on latest technologies and evolving threats.

What we look for

Must have a BSc/BEng or equivalent experience in Electronic Engineering, Computer Security, Computer Science, Software Engineering, Information Systems or other related fields.

Must have a minimum of 4 years engineering level experience. For example, in embedded systems security, IoT, application security and/or (secure) embedded/firmware software development is desired.

Good understanding of embedded systems architectures (such as ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, embedded network protocols and programming languages (such as C/C++).

Good understanding of one or more of the following is desired: reverse engineering, Invasive/semi-invasive attacks, fault injection, hardware Malware, Physically Uncloneable Functions (PUFs), physical layer identification/device fingerprinting, tamper resistance.

Good understanding of one or more of the following is desired: TPM, Secure Boot, OTP, PKI, SPI/I2C Bus Analysers, JTAG probing.

Good understanding of one or more security tools (such as IDA Pro, Kali embedded systems tools, Metaspolit and so forth).

Must be eager to learn a constantly changing field and technology stacks, work in a fast-paced environment with tight development schedules, and partner with product development teams to guide them in meeting security requirements in a way least impactful to their development timelines.

Advantage but not required to have security certifications such as CISSP, CEH, CSSLP.

Ability to work well under minimal supervision.

Requires strong interpersonal, organizational, written and verbal communication skills.

Ability to work with incomplete and ambiguous information to influence system and product direction understanding security and functional requirements.

Location

Cork, Irelandhttps://johnsoncontrols.referrals.selectminds.com/jobs/embedded-systems-security-engineer-55835