Basic Qualifications (Including Educational Requirements)
The Lead Cybersecurity Engineer will be part of a team of security experts in driving security initiative in Eaton Electrical product solutions. He/she will be responsible for:
• Be involved with product teams throughout the design and development phases and contribute to ensure ‘security by design’ in all new products
• Lead threat modeling exercise with product teams, determine appropriate security architecture and engage with product teams in providing implementation guidance on software, firmware and hardware security controls.
• Work closely with multiple Eaton teams (security compliance, legal) and external teams (ICS-CERT) to identify, test and address vulnerabilities in Eaton products in a timely manner by providing recommendation to product teams and preparing analysis reports for management.
• Constantly evaluating the evolving threats, regulatory requirements, customer expectations and accordingly adapting internal technology and processes to remain ahead of the curve.
• Proactively responding to queries and request for product security information and reports from both internal and external customers.
• Lead the verification efforts for Cybersecurity implementation across the electrical sector and work with third party certification agency to drive the certification of products in the electrical sector.
• Providing technical security trainings to software developers and test engineers across the organization and evangelizing the importance of cybersecurity in other functions like sales, services and product & project management.
• May be required to perform some code reviews for secure coding across the Electrical Sector
This position will work with the Electrical Sector’s Cybersecurity Council Group to ensure close coordination and compatibility of efforts to drive security strategies in the sector.
• Bachelor’s or master’s degree in Computer Science, Computer Engineering, Software Engineering or Electrical Engineering
• 5+ years of experience in secure product development lifecycle including threat modeling, framing security policies, designing protection mechanisms and vulnerability assessment & penetration testing
• 4+ years of experience working with vulnerability assessment and penetration tools like Kali Linux, Nessus, IBM AppScan, BurpSuite, IDAPro
• 3+ years of hands on experience in the design and implementation of software/firmware systems using either C++, C and/or Java (.Net or C# is a plus)
• 3+ years of experience in using reviewing vulnerabilities identified through automated tools for static and/or dynamic code analysis
• Solid understanding of security protocols (HTTPS, TLS, SSH, Kerberos, wireless security protocols)
• Understanding of programming techniques involved in secure software development (e.g. safe protocol parsing, defensive programming etc.)
• Understanding of embedded systems protocols (IEC 61850, DNP3, Modbus, WirelessHART)
• Understanding of the unique security challenges in one or more of: Industrial Automation and Control Systems, Smart Grids, Intelligent Vehicles, Aerospace industry
• Specialized degree in any stream of security preferred
• Understanding of cybersecurity standards and regulations (eg: NERC-CIP, IEC 62351, IEC 62443, NIST 800-53 )
• Interest and experience in all aspects of computer and network security. From requirements gathering, designing, development, testing, user experience to operations.
• Experience designing security solutions for distributed systems.
• Understanding of security software solutions (IPS, Firewall, application firewalls, device security, encryption, etc.)
• Industry certifications such as, CISSP, CSSLP, CCSK desirable
• Ability to influence without authority and work with various technical leads in different organizations.
• Ability to respond quickly and effectively to changing priorities.
• Excellent interpersonal and communication skills including the ability to explain technical concepts.
• Ability to foster collaboration across global development teams.
• Abreast of upcoming security development engineering tools, trends, and methodologies.
• Strong problem solving and reasoning ability, exhibiting technical innovation and creative solutions.
• Sharp analytical abilities and proven design skills.
Eaton is a power management company with 2015 sales of $20.9 billion. Eaton provides energy-efficient solutions that help our customers effectively manage electrical, hydraulic and mechanical power more efficiently, safely and sustainably. Eaton has approximately 97,000 employees and sells products to customers in more than 175 countries. For more information, visit www.eaton.com. At Eaton, we see things differently. We see opportunities to innovate, go above and beyond, and we work hard because what we do reflects who we are. If you see things differently—if you’re determined, motivated and focused on improving the world around you—then it’s time to see where a career at Eaton can take you. For more information, visit www.eaton.com/careers. Eaton is an Equal Opportunity and Affirmative Action Employer. Eaton is committed to ensuring equal employment opportunities for all job applicants and employees. Employment decisions are based upon job-related reasons regardless of an applicant's race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, marital status, genetic information, protected veteran status, or any other status protected by law.