Product Security Development (SDL) Expert
Wärtsilä Oyj Abp
Wärtsilä is an innovative technology company known for being a forerunner in the Marine and Energy markets. Every day, we – Wärtsilians - put our hearts and minds into turning Wärtsilä's purpose of enabling sustainable societies with smart technology, and our Smart Marine and Energy visions into reality. Our ultimate aim is to provide increased value to both our customers and society. New, game-changing ideas and continuous improvement have been part of our DNA since 1834. Together, we can create new business opportunities and more sustainable future that we can all be proud of.
We want to transition the world towards a cleaner future. By pushing the boundaries of engineering and technology, we can make it work. We are always on the lookout for future-oriented talent – want to join the ride?
We are seeking a Product Security Development (SDL) Expert within Wärtsilä Cyber security organization to develop cyber security capabilities in Wärtsilä products and services domain.
As an expert within our Cyber as a Service team, you will work in the context of product security and cyber security service development with both internal and external customers. Internally you will apply your knowledge in consulting and supporting internal product development and service teams, developing and executing security development initiatives across geographically spread product teams.
You are comfortable in discussing Security Development Lifecycle (SDL) approach with product teams and familiar with security of IoT and industrial controls systems. Externally you will engage with customers and provide support and assurance in meeting customer requirements and co-develop products and services that are meeting the market demand. You will help ensuring product compliance and balanced security approach for our products and solutions.
Location for this position is preferably Helsinki, Finland, but other main Wärtsilä locations are possible as well.
In your job, you will be supporting a global SDL development agenda as a subject matter expert (SME) in distinct and diverse SDL disciplines.
You are providing cyber security guidance and consultancy to internal and external customers, as well as developing and providing SDL support in selected disciple areas, possibly including:
- Threat modelling development and executions
- Secure coding conventions
- Code signing solution development / PKI CA development
- Providing technical analysis and guidance on product security (internally and externally). Architectural support for products and service solutions.
- Product hardening support and product OS hardening
- Security testing
- Conducting vulnerability assessment and penetration testing (VAPT) and configuration reviews for Wärtsilä products (and customer installations as external service)
In your role, you will also have a possibility to work as part of larger security team and community, providing:
- Provide technical analysis and guidance on ICS and product security
- Provide advisory and support in incident response through Wärtsilä PSIRT
- Provide cyber security guidance and consultancy to internal and external customers
- Help business in translating cyber requirements into tangible actions and solutions that are meeting customer and market demand
General Knowledge, Skills and Abilities:
- Knowledge of ICS / SCADA, automation and IoT
- Knowledge of common scripting and programming languages
- Knowledge of applicable cyber security standards, particularly those involving critical infrastructure and networks
- Subject matter expert (SME) in one or multiple areas such as embedded SW, firewalls, access control, authentication, anti-virus/whitelisting, patching, IDS/IPS, logging and SIEM, Cloud Platforms (AWS, Azure), Windows, UNIX, threat detection analysis, and/or information risk management
- Experience in dev and ops of different types of software
- Understanding of security development lifecycle (SDL), SW development
- Understanding in SW architectural design
- Excellent writing and verbal communication skills.
- Must be flexible and able to manage multiple tasks and priorities.
- Security-related certifications a plus – CRISC, CISSP, CISM, etc.
- Ability to travel up to 10% working time
- A unique possibility to implement first class cyber security for Energy and Marine Business globally
- A forward-looking and supportive working environment with competent and motivated colleagues in a company where Cyber Security has a key role in business
- A multinational and diverse working community and benefits and career opportunities of working in global company
- An independent expertise role with a possibility to influence and develop security approach across our business
Please apply by 27th September, 2020.
Contact person for more information:
Manager, Product Security Development, Cyber As-a-service
firstname.lastname@example.org or +358 40 7080543 (contact hours via phone: 18.9.2020 between 12-14, 22.9.2020 between 11-13)