Senior Engineer - Cloud Security

C. Driving Threat Modeling and Risk Assessment exercise with product teams early in the design and development phase to identify applicable cybersecurity requirements focusing embedded and clod products, in line with various cybersecurity standards.

D. Providing hands-on guidance to product teams as they implement complex cybersecurity features and requirements in their products, in line with various cybersecurity standards.

D. Evangelizing and providing technical security trainings to software developers and test engineers across the organization and evangelizing the importance of cybersecurity in other functions like product / project management & sales /services.

E. Monitoring evolving threat landscape, cybersecurity technologies, Cloud Security,Embedded Containers security, standards, frameworks and drive continuous improvement in Eaton's cybersecurity requirements, frameworks and processes.

F. Working with DevSecOps project teams, to provide continuous threat modeling, risk assessment, Clod Security, SAST, SCA and other automated tool runs, in CI/CD pipelines across scrum teams doing product development in Agile mode. "

Qualifications:

Bachelor's or master's degree in Computer Science, Electronics Engineering, Electrical Engineering.
"5+ years of relevant experience in Product cybersecurity,
3+ years of relevant experience in Cloud Security"

Skills:

"The engineer should be -
1) Understanding and experience in working across multiple phases of Secure Product Development Lifecycle, performing Penetration Testing of various technologies and Threat Modeling of products, systems and solutions. With a focus on Cloud / Industrial IoT / Critical Infastructure products (Must have).
2) Coding experience in one or more general purpose languages
3) Knowledge of attacks and mitigation in : Cloud-based applications, Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application securtiy
Mobile App security.
4) Having a knowledge of CI/CD pipelines, Cloud Security, DevSecOps and tools for SAST, SCA and other CI/CD tools.
5) Able to understand cybersecurity including Cloud Security (Containers, dockers) concepts in depth and be able to apply those concepts to Eaton products for cybersecurity testing.
6) Able to perform Threat Modeling and Risk Assessment for Eaton products
7) Having hands-on experience in various Cybersecurity activities including but not limited to - Cybersecurity assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; secure coding; preferably on embedded, ICS and IoT products.
8) Having hands on expertise with cybersecurity tools like Nessus, Black Duck, Defensics, Nessus, Burpsuite, Coverity, Kali Linux, MS AZURE DEFENDER, Palo Alto Pisma etc.
9) Having Good understanding of security protocols (HTTPS, HSTS, TLS, SSH, 802.11 security, Bluetooth, Zigbee) and ICS protocols (IEC 61850, DNP3, Modbus, WirelessHART, CAN)
10) Having knowledge of attacks and mitigation in : Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security.
11) Having certifications like CSSLP/SANS 549/SANS 510/CCSP (any one ) is a plus."
"1) Ability to work in and with diverse & multi-cultural and geographically dispersed teams
2) Ability to collaborate across multi-disciplinary teams (legal, IT, product management, project management)
3) Ability to present to various levels of engineering and business leadership globally.
4) Excellent Documentation Skills
5) Be a technical mentor to other members of the team and beyond as needed"