Lead Engineer

Key Responsibilities

• Identify, report, and mitigate cybersecurity risks, including conducting impact assessments on financial, safety, and operational aspects.
• Translate customer and industry cybersecurity requirements into actionable product controls, assessing impacts on architecture, cost, and timelines.
• Lead Threat Modeling and Risk Assessment exercises early in the design and development phase for embedded and cloud products, aligning with various cybersecurity standards.
• Facilitate architecture reviews and threat modeling, recommending mitigations across firmware, software, hardware, and connectivity.
• Provide hands-on guidance to product teams in implementing complex cybersecurity features and requirements.
• Evangelize the importance of cybersecurity by providing technical security training to software developers and test engineers, and engaging with product management, sales, and services.
• Collaborate with project teams to implement continuous threat modeling, risk assessment, tool-based assessments, SAST, SCA, and other automated tool runs within CI/CD pipelines for agile product development.
• Own or co-author key cybersecurity documents, including Cybersecurity Product Requirements, Detailed Requirements Annexure, Design & Implementation Review, Secure Configuration Guidance, Vulnerability Management Plan, and EULA inputs.
• Define and interpret cybersecurity requirements, assess their impact on product design and development, and identify robust technical solutions to ensure compliance and security throughout the product lifecycle.
• Drive “shift-left” practices and onboard projects to enterprise platforms (Code Signing, Black Duck SCA, Coverity SAST), enforcing gating criteria.
• Coach engineers, champion security culture, and help define role-based training paths to uplift security maturity.

Qualifications

Education: Bachelor's or Master's degree in Computer Science, Electronics Engineering, or Electrical Engineering.

Experience:

• 8+ years of relevant experience in Product Cybersecurity, with a focus on product/embedded/application cybersecurity or secure product development.
• 5+ years of hands-on experience with secure boot, secure firmware/software update, cryptography (PKI, key management), authentication/authorization, logging & monitoring, and hardening for embedded or connected products.

Technical Skills & Knowledge:

• Proficiency in Secure Product Development Lifecycle phases, Penetration Testing, and Threat Modeling of products, systems, and solutions, with a focus on Cloud / Industrial IoT / Critical Infrastructure products.
• Knowledge of attacks and mitigations for Cloud-based applications, Network protocols and secure network design, Operating system internals and hardening (Windows, Linux, OS X, Android), Web application security, and Mobile App security.
• Familiarity with CI/CD pipelines and tools for SAST, SCA, and other automation.
• Hands-on experience in Cybersecurity assessments, penetration testing, authentication and access control, applied cryptography and security protocols, and secure coding, preferably on embedded, ICS, and IoT products.
• Experience in one or more domains: Industrial/OT, eMobility/automotive, data center, IoT/IIoT, gateways/cloud connectivity.
• Good understanding of security protocols (HTTPS, HSTS, TLS, SSH, 802.11 security, Bluetooth, Zigbee) and ICS protocols (IEC 61850, DNP3, Modbus, WirelessHART, CAN).
• Knowledge of attacks and mitigations in Network protocols and secure network design; Operating system internals and hardening; Web application and browser security.
• Experience with enterprise project tools (Jira) and stage/gate frameworks; experience preparing for external audits and customer assessments.
• Contribution to security standards, internal frameworks, or enablement (training, playbooks, reference designs).

Certifications (a plus): CSSLP/SANS 549/SANS 510/CCSP.

Soft Skills

• Ability to work effectively in and with diverse, multi-cultural, and geographically dispersed teams.
• Ability to collaborate across multi-disciplinary teams (legal, IT, product management, project management).
• Ability to present to various levels of engineering and business leadership globally.
• Ability to serve as a technical mentor to team members and others as needed.