Our client, a leading global specialist in energy management and automation, is looking to engage a Consultant Security Advisor.
Key responsibilities:
Process Responsibility:
• Deploy company’s SDL (Secure Development Lifecycle) – Prepare and present FCSR for .NET-based application.
• Create/Maintain central repository of security artefacts, create and own security plan updates.
• Act as an expert facilitator on practices such as secure design, threat modelling, and vulnerability management.
• Act as a point of contact for cybersecurity issues for application.
• Support product owners and CS Architect in specifying security requirements and bring knowledge of relevant CS standards and regulations.
• Support product teams with security best practices for design, automation, and tool selection.
• Support site, team, and offer cybersecurity certifications.
• Engage with network of experts inside and outside incubator for technical review and risk management.
Technical Responsibility:
• Familiarity with application Architecture to support plugging gaps on security design issues.
• Support implementation of security features, fixes as prescribed by CS Architect.
• Identify and communicate cybersecurity risks via periodic risk assessments, threat modelling and vulnerability management.
• Evaluate threats and vulnerabilities in application – Estimating severity, proposing possible solutions/fixes.
• Support teams with prioritizing code scan findings (SAST) fixes based on risk factors.
• Support teams with third party library scans (BDBA) for triage, updates and migrations.
• Analyze V&V and pentest reports for vulnerabilities pertaining to the application.
Duration: 12 months (Extendable based on performance)
Capacity: Full time
Location: Bangalore
• 10+ years of experience in Software/Firmware development for Industrial Automation Product, familiarity or experience with C# .NET.
Cybersecurity:
• Expert/knowledgeable in threat modelling for Embedded products.
• Knowledge of securing various communication protocols.
• Knowledgeable in Application security, CVSS calculation, CWE, SANS Top 25, OWASP Top 10.
• Know-how of basic pentest techniques (attack surface analysis, Nessus scans).
• Familiarity with various tools – BDBA, Coverity, MS Threat Modeller.
• Knowledge of IEC 62443 (4-1 & 4-2), NIS2, EU CRA, NIST SP 800-82.
• Nice to have: CSSLP/CISSP/ISA – IC32/34 certifications.
• Available to take periodic meetings outside of local business hours to meet with teams at sites in Europe, US.