Cyber security software assessor

Overview

Remote
On Site
$DOE
Full Time
Accepts corp to corp applications
Contract - Independent
Contract - W2
Contract - year CTH

Skills

Standards
Procedures
Product security
Security engineering
Security methodology
Software methods
Tools
ISO 21434
Security engineering lifecycle

Job Details

Job title: Cyber security software assessor

Location: 100% Remote US Based consultant only

Duration: 1-year contract to hire

Position Summary:

  • Perform internal security process assessments across clients' SW organization on automotive projects.
  • Provide early feedback to software development teams on assessments to allow them to begin addressing findings as soon as possible.
  • Create security assessment reports post-assessment for SW development teams to document their compliance to clients' security standards.
  • Provide guidance and mentorship to software teams, so they can better understand compliance issues and assessment findings.
  • Monitor and provide feedback on security compliance status.
  • Provide recommendations for effective and efficient implementation.
  • As needed, coach software teams or create and provide training so that software teams can successfully achieve high-security ratings.
  • Drive and support engineering activities according to security standards during all project phases (concept, product development, product design, development, validation, production).
  • Support internal/external security process/product audits and automotive customer engagements through pre-sales and execution. Assess the security readiness of tools.

Primary Responsibilities:

  • 8+ years of embedded software security experience.
  • Solid understanding of and experience in security methodology, standards, software methods, procedures, tools, and customer-related processes.
  • Hands-on engineering experience in automotive software.
  • Hands-on experience with tools that support the Security engineering lifecycle.
  • Bachelor's degree or equivalent experience.

  • Experience with ISO 21434

Important Notes to Shortlist:

  • A SW engineering background is a must. Product security role and security engineering exposure of over 3 years; 5+ years preferred.
  • Infosec experience does not translate directly to product security unless the candidate has demonstrated the knowledge and skills in previous work experience.
  • Candidates need to demonstrate over 3 years of previous work experience in the product (SW, embedded system, AV application) security field to be able to assess security. Based on our product complexity, overall engineering experience shall be 7+ years.
  • Automotive (aviation or IoT) industry experience is preferred (Tier 1, Tier 2 or OEM).
  • Previous security assessment experience makes the candidate stand out (an ISO 21434 assessment is the best, but we understand it's rare; an IEC 62443 assessment is good).