Position Summary
We are seeking a highly skilled and motivated Product Cybersecurity Engineer to join our dynamic team. The successful candidate will be responsible for ensuring the security of our embedded systems, ICS, and associated cloud services. The engineer will contribute to development and implementation of global policies, tools, and practices and have a focus on supporting business units located in the Asia-Pacific region.
An individual with a diverse IT/OT background, the Product Security Engineer will work across ICS/OT/embedded technologies and IT/cloud technologies. The engineer must understand a range of disciplines, from embedded software, base operating or firmware systems and middleware services to APIs, application security, and cloud services.

Product security engineers must also focus on secure development practices, threat modeling, vulnerability management, architecture, and application security design. The engineer focuses on using secure-by-design and security-*** principles to reduce product vulnerabilities.

Essential Job Duties
Security Reviews and Risk Assessment:
61 Lead product and application security reviews, threat / risk / vulnerability analyses, investigations of security-related incidents, and assessment of the security level based on meaningful metrics.
61 Document security findings, outline remediation options, and oversee mitigation.
Security Design, Implementation, and Testing:
61 Evaluation, specification, implementation, introduction, and maintenance of cybersecurity-oriented development, engineering, and testing tools.
61 Actively engage with product development teams to facilitate secure product design addressing security requirements for new and existing products.
61 Translate cybersecurity governance policies and controls into customized implementation measures, helping to develop and implement security architectures and solutions for embedded systems, ICS, and cloud services.
Establish Product Cybersecurity Framework
61 Evaluate the existing product ecosystem and propose product changes to security leadership and engineering.
61 Facilitate or run internal education and training sessions, with a focus on product security principles.
Skills and Experience
61 Proficiency in both English and Standard Chinese (Mandarin) for effective communication and translation.
61 Highly technical and analytical experience, with a proven deep background in software engineering.
61 Experience with a combination of one or more in embedded software, ICS and OT technology, public cloud providers (AWS, Azure, GCP) and IoT service architectures and cybersecurity aspects of it.
61 Experience with development and testing cybersecurity tools such as SAST/ DAST.
61 Knowledge of international or national standards and regulations for IT/OT Security Standards, Legal issues
61 Experiences in risk-based methodologies and approaches (e.g. Threat and Risk Analysis)
Education Requirements
61 Bachelor’s degree preferred in information assurance, computer science, engineering, or related field.
Experience Requirements
61 Five-plus years of professional experience with a combination of one or more in secure product development, application security and engineering or secure development lifecycle.
Certification Requirements
61 Preferably one or more SANS certifications (GWAPT, GWEB, GCSA), CISSP, CSSLP.