Sr Lead Engineer - Product Cyber Security

Otis

India · On-site · Full-time · Senior · Today

About the role

The Security Tech Specialist/Sr Tech Specialist works with product development teams across all regions globally to uphold the cyber security strategy of minimizing flaws and improving product resiliency to cyber‑attacks. This is done by ensuring adherence to the integrated secure development lifecycle process, which embodies a secure‑by‑design, defense‑in‑depth philosophy. You will be a strong technical expert in matters related to pentesting and cyber controls and will report to a team manager responsible for product architecture review and testing. This role is part of the Product Cyber team (under the Global DT Cyber team), which focuses on continuously improving the cyber posture of products that are often installed in customers' environments.

Otis is the world's leading elevator and escalator manufacturing, installation, and service company. We move 2.4 billion people every day and maintain approximately 2.4 million customer units worldwide, the industry's largest service portfolio. We are 72,000 people strong, including engineers, digital technology experts, sales and functional specialists, as well as factory and field technicians, all committed to meeting the diverse needs of our customers and passengers in more than 200 countries and territories worldwide.

When you join Otis, you become part of an innovative global industry leader with a resilient business model. You'll belong to a diverse, trusted, and caring community where your contributions, and the skills and capabilities you'll gain working alongside the best and brightest, keep us connected and on the cutting edge.

Responsibilities

  • Perform DAST, SAST & Pentest for different products
  • Perform Threat Modeling and Architecture reviews for new products and design changes with existing products
  • Handle Product Cyber Incident Response activities and actively contribute to Risk Management
  • Work with product development teams towards secure DevOps activities and CI/CD integration issues with security tools
  • Work with product development teams and carry out functional cyber risk assessments to support their cyber requirements throughout the entire development cycle
  • Coordinate with quality and product development teams to periodically update cyber security design policies and ensure that these policies are incorporated into product design, with requirements for traceability and system validation and verification
  • Interface with global teams and share best practices and lessons learned
  • Refine and support the standard work associated with product cyber security incident response management
  • Work closely with the product testing teams to validate recommended security controls
  • Continually enhance the capabilities of the Cyber security team:
    • Identification of technology and methodology gaps
    • Participating in and leading technical and industry committees
    • Creation of discipline health score card
  • Work in an environment of continuous improvement and lean process and product development (good to have knowledge in Agile methodologies)
  • Stay updated on latest cyber security hacking news, technologies and methodologies, including:
    • The latest attack methodologies, penetration testing and red‑team methodologies
    • Latest forensic and incident response methodologies
    • Attend security or hacker conferences and stay on the cutting edge

Requirements

  • Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline
  • 10+ years of product cyber security engineering and software systems development experience, with at least 4 years hands‑on experience with penetration testing methodologies and tools
  • In‑depth knowledge of IEC 62443 and related cybersecurity standards
  • In‑depth knowledge of requirements capture, cyber security threat modeling and systematic discovery of threats as part of a Secure Development Lifecycle, with broad understanding of potential vulnerabilities at different layers of hierarchical systems
  • Cyber security certifications such as OSCP, GSEC, CEH
  • Knowledge of state‑of‑the‑art security analysis tools and various product cyber security safeguards (threat modeling, source code analysis, dynamic analysis, penetration testing, audit/compliance tools)
  • Excellent written and verbal communication and presentation skills; adept at communicating with globally dispersed cross‑functional teams
  • (Preferred) Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems
  • (Preferred) Intimate knowledge and experience with incident response management and risk assessment

Benefits

  • If you live in a city, chances are we will give you a lift or play a role in keeping you moving every day.

Skills

CI/CD, DAST, DevOps, IEC 62443, OSCP, SAST, CEH, GSEC, pentesting
