Website:
zeiss.co.in
Job details:
Position summary:
The Application & Product Security Engineering Lead (PSEL) is a member of the global Business Information Security organization at the ZEISS Consumer Markets (COM) segment and reports directly to the Head of Business Information Security COM.
The Business Information Security (BIS) organization is responsible for the implementation of information security controls, policies, and processes across the segment in close alignment with Corporate Information Security and the different business functions.
Within the BIS organization, the PSEL owns and drives the secure development lifecycle (SDL) and acts as a technical authority for product, application, and cloud security, working side-by-side with engineering teams.
The PSEL provides lateral technical leadership to 50+ Security Engineers allocated to the business functions globally. S/he provides guidance to the Security Engineers to identify applicable security requirements, supports threat modelling activities, reviews architecture proposals from an information security and data privacy perspective, reviews and approves the results of security tests and assessments, and monitors the implementation of measures.
The PSEL is strongly integrated in the processes and projects of the respective business areas with a proactive and results-oriented attitude.
Primary duties and responsibilities:
The PSEL is responsible for the definition and the operational implementation of the secure development lifecycle within the business areas developing and maintaining customer-facing applications, digital platforms, IoT products and production equipment at the ZEISS COM segment:
- Develop, document and enforce security policies and standards aligned with the strategy of the organization.
- Provide professional leadership to the Security Engineers across the segment, providing guidance regarding learning paths and further development.
- Advise teams on secure design and review architecture proposals.
- Guide Security Engineers to identify applicable security requirements. Support them in conducting threat modelling and selecting applicable security controls. Oversee the creation of security documentation.
- Ensure the proper implementation of a secure development lifecycle, including maintenance and the use of security tools, e.g., static and dynamic application security testing, software composition analysis, security monitoring, etc.
- Oversee the planning and execution of security testing activities, including penetration testing and vulnerability assessments. Together with the Security Engineers, review findings and define countermeasures. Ensure that the relevant findings are remediated before moving to production.
- Coordinate Free and Open-Source Software (FOSS)-related activities across the COM Segment. Responsible for ensuring compliance with internal FOSS guidelines in the different functional units.
- Monitor and review the effectiveness of the secure development lifecycle in the business areas. Report on its progress on a regular basis to the business owners and senior management.
- Disciplinary responsibility for the local Information Security resources of the COM Segment in Bangalore.
Experience:
- At least 10 years’ work experience in software engineering in the industry, related to customer-facing applications and products, with proven experience in the implementation of security controls. At least 3 years of experience in management positions.
- Experience in leading teams from a disciplinary and project point of view. Experience interacting with senior management in multinational corporations.
- Experience in designing and implementing a Secure Development Lifecycle for software engineering.
- Previous experience in a regulated industry is of advantage, e.g., medical, finance, insurance.
- Experience with Microsoft and/or AWS cloud technologies, Linux and Open Source, incl. experience in the development of IoT/device software.
- Experience working in an international, multicultural and multidisciplinary environment.
Knowledge / Skills / Other characteristics:
- Solid software engineering background with an in-depth understanding of the secure software development lifecycle, including the implementation of security controls.
- Good understanding of solution architecture methodologies, capable of reviewing software architecture from a security and data privacy point of view.
- Familiar with the applicable international Cybersecurity and Data Protection regulations and standards, e.g., ISO 27k family, IEC 62443 family, NIST security framework, UL 2900, GDPR, HIPAA, Chinese DSL, PIPL.
- Excellent Business English skills for professional communication and documentation. Proficiency in further widely used business languages is of advantage.
- Proactive attitude and a high degree of initiative.
- Soft skills for mentoring and fostering a security culture within the organization. Strong communication skills.
- Lateral leadership skills.