Job Description:
Deep decarbonization of electricity generation together with the electrification of several end-use applications is necessary to address the climate crisis. Energy Storage Systems (ESS), such as batteries, are a key enabler for deep decarbonization to balance supply and demand. Schneider Electric's Energy Storage Center of Excellence enables deep decarbonization through the development of innovative energy storage products that are battery technology-agnostic, scalable, cost-effective, and manufacturable.
Schneider Electric is looking for a Principal Technical Expert - Embedded Firmware (Cybersecurity) for Battery Management Systems (BMS) & Battery Packs for its Energy Storage Center of Excellence (CoE). SE's Energy Storage CoE enables the company's growth through the development of innovative energy storage products that are battery technology-agnostic, scalable, cost-effective, and manufacturable.
Incumbent will be responsible for:
• The adoption and implementation of the Secure Development Lifecycle framework (per Schneider Electric SDL V2 process), in compliance with its Secure Lifecycle Management Policy and other cybersecurity policies, procedures, and best practices, and advising on cybersecurity technical requirements for the development of secure products and systems.
• Regular interaction with key stakeholders such as representatives from offer development, architecture, regulations, and conformity teams and technical leaders, as well as stakeholders from the corporate Product Security Office (PSO) within Governance teams, to ensure that cybersecurity guidelines and processes are executed in an efficient, effective, and compliant manner.
• The ideal candidate will be able to combine a process and technical advisory role with assertive engagement and escalation when appropriate. The idea is to have people not only consulting and advising, but also "acting like owners" and having an impact in our "shift-left" strategy for "security by design".
• Embedded Firmware design and development for Battery Management Systems for UPS and Storage applications, including Module Level, Rack Level and System Level (~30-35% of the role)
Competencies
Responsibilities:
• Understand Schneider's SDL, define and support execution at the right level for each offer, program, and project.
• Serve as the Subject Matter Expert to ensure cybersecurity topics are prioritized and embedded in the Offer development process from the design phase.
• Translate Cyber Security architecture concepts into a realized design.
• Provide guidance, coaching, and expertise to implement Secure Development Lifecycle practices such as threat modelling, secure design, secure coding, implementation, and security testing.
• Collect Secure Development Lifecycle and cybersecurity metrics to contribute to data-driven strategies and plans in a protective manner.
• Aid in the deployment of Secure Development Lifecycle and cybersecurity functionalities as required by standards such as IEC 62443, and work to improve the effectiveness and efficiency of these processes.
• Ensure that assigned development teams adhere to risk-driven cybersecurity processes and controls throughout the development lifecycle.
• Assist development teams in managing vulnerability triage and resolution as needed to maintain secure software environments.
• Support teams in conducting internal Secure Development Lifecycle audits and Formal Cybersecurity Reviews (FCSRs) and ensure compliance with Schneider data security and privacy processes.
• Perform foundational data protection and privacy screening of offers to ensure data privacy requirements are integrated from the initial design stages.
• Represent offer development teams in Business Unit and PSO security meetings and workshops. Stay informed about new policies, procedures, cybersecurity standards, regulations, legislation, and technologies, and keep R&D leadership updated on relevant emerging activities.
• Conduct training sessions and presentations to enhance cybersecurity competencies within development teams.
• Form a network of experts inside and outside the line of business to engage as necessary on technical reviews, risk management and customer topics.
Must-have requirements:
• Standing Certification in Cybersecurity Management such as CISSP, CSSLP; and/or IEC 62443 Certified Specialist.
• Experience of working in an Engineering/R&D group following a Secure Development Lifecycle based on standards such as IEC 62443, ISO 21434, or Microsoft SDL; with a proven ability to engage with management and development teams.
• Experience in projects where SDL practices have been applied. Experience guiding and assisting organizations in implementing security product/system development practices.
• Working knowledge of security and privacy standards, regulations, and legislation.
• Demonstrated ability to develop threat models, analyse threats, and rate threat severity using established industry practices.
• Experience with embedded SW/FW development (programming in C, debugging, reviews, unit testing, integration testing)
• Experience in driving corporate programs using influence, negotiation, and persuasion soft skill set.
• Knowledge of static code analysis tools, secure coding standards, fuzz and penetration testing, and formal security reviews.
• An understanding of domain-appropriate communication mechanisms and protocols
• A background in domain-appropriate development (e.g., embedded, cloud, mobile, industrial automation, energy management)
• Self-starter and team player; ability to work independently and drive initiatives.
• Strong communication skills, including the ability to render concise reports, summaries, and presentations.
• Strong analytical and problem-solving skills.
• Project management or technical leadership skills preferred.
• Languages: a good level of English is mandatory
Whom do you work with:
- Offer Management, System Architect, FW and HW leads/team members
- Project Manager
- External teams (customers/vendors/validation agencies)
Key considerations:
• Ability to align operational/information security policies with business requirements.
• Process-driven with attention to detail; ability to translate operational/information security requirements into security controls in coordination with architects.
• Ability to effectively adapt to and apply rapidly changing technology and security requirements to business needs.
• Foundational data protection & privacy knowledge or willingness to acquire it during tenure.
• Experience with implementing PKI infrastructure/Cryptographic Keys, secure boot, secure communications (CAN, Ethernet, BLE, Wi-Fi, Zigbee, etc.), identity management, TPM, secure firmware development, secure firmware updates
• Cyber security certifications (Security+, CSSLP, CCSK, CCSP, AZ-500, SC-100, GCSA, GISCP, CIPM, CIPP...)
Qualifications
Schedule: Full-time
Req: 0097TO