Job Description
A rapidly growing company dedicated to transforming the auto-tech sector with its linked car ecosystem technologies is looking for a DevSecOps Engineer. The selected candidate will be responsible for incorporating parameters for SAST, DAST, and third-party library evaluation into CI/CD processes. The company is creating market-leading products and large-scale automotive and IoT software, data, and diagnostics management solutions. The company has secured $85mn+ in its Series B round of funding.
Job Responsibilities:
- Help create a security roadmap for all the products
- Create integration teams and deliver security product specifications that contain the software’s needs, design specifications, and test plans
- Support the Software / Cloud team’s Threat Analysis and Risk Assessment (TARA)
- Implement controls for SAST, DAST, and third-party library analysis into CI/CD workflows
- Other cloud security integrity controls and image assurance
- Conduct assessments of vulnerabilities in the cloud environment, including those in the infrastructure and third-party libraries, and set priorities for resolving them
- Work with the software team to implement cybersecurity requirements and assess test and software analysis reports after analyzing cybersecurity attack entry points and weighing risk versus impact
- Analyze market competition and stay current on new security technology in the automotive and consumer electronics industries
Job Requirements:
- Bachelor’s/Master’s degree in Engineering, Computer Science (or equivalent experience)
- At least 5 years of relevant experience as a software engineer
- Experience designing secure boot, firmware signatures, and validation
- Experience planning and developing security policies, procedures, and standards within an IoT environment with constrained resources
- Understanding of operating systems, networking technologies, and specific implementations
- Working knowledge of embedded systems and associated languages and build frameworks, including POSIX
- Firmware signing and validation, signature methods and digital authentication, and non-repudiation
- Secure boot within a firmware environment, integration with TPM, and hardware security
- Knowledge of in-memory credential handling and encrypted firmware and file systems
- Familiarity with standards like ISO 27001, SSAE 16 / 18 SOC 2, ISO 21434, and Uptane framework is nice to have
- Understanding CIS Benchmarks for Cloud providers, container technologies, and key services is a plus
- Experience with embedded computing and security, including Uptane framework or similar
- Familiarity with secure coding practices, processes, and methods is nice to have
- Experience with hardware penetration testing and penetration tools is a plus
- Strong customer focus and obsession with quality
- Ability to work in a fast-paced and agile development environment
- Strong communication and analytical skills
- Knowledge of IoT
- Proficiency in English