Date:  Jan 21, 2023
Job ID:  5203

Product Security Officer (m/f/d)

As an international company with European roots (HQ in Kortrijk, Belgium), Barco has a culture of collaboration across borders and nationalities, because we believe diversity leads to more great ideas and drives innovation.

Thanks to our over 3,000 visioneers, we develop unique visualization & collaboration technology that helps professionals accelerate innovation in the healthcare, enterprise and entertainment markets.

Product

OpSpace is a Barco product that eases the daily work of a control room operator. It is a distributed, Linux-based system that provides freely configurable workplaces integrating all kinds of application and video sources, along with a highly efficient UI that allows fast interaction in mission-critical environments. Each workplace can be composed of multiple hardware clients and has a multi-server backend. Integrated into a highly efficient UI, OpSpace offers various application and video sources, which can be customized, shared between users and concurrently used in the same workplace. To further increase the functionality of OpSpace, Barco is looking for a Product Security Officer (m/f/d).


Function
The “Product Security Officer” (PSO) is part of the Security Office and oversees cybersecurity and privacy risks related to the product lifecycle, manages cybersecurity product certifications and ensures that the product teams develop their products in line with the corporate security risk appetite and corporate information security objectives.
The PSO provides advice, design/deployment support, guidance and subject matter expertise for product security/privacy topics and must have a broad knowledge of risk management and technical/architectural areas within product development. The PSO is closely aligned with the operational product security roles and other stakeholders within the Business Unit(s).

As part of this team, you will provide an overview of security requirements and best practices relevant for our system. You will develop methods and patterns that translate them into actionable pieces to help development teams improve their code with respect to software security. In addition, you will organize and contribute to software security related testing of OpSpace.
 

 

Key Responsibilities

  • Contribute to the development, maintenance, and improvements of product security compliance and risk methods, e.g. policies, processes, standards, metrics/KPIs, guidelines and assessment tooling.
  • Promote, monitor and improve process security controls in the design and development phases, e.g.:
    • Security baseline
    • Threat modeling
    • Code review process
    • Application security testing (SAST, DAST, ...)
    • Vulnerability management (e.g. of open source components)
    • Vulnerability scanning (tooling and configuration)
  • Execute product security risk assessments in the context of ISO27k risk management and drive mitigation in product design, development and deployment processes.
  • Steer and maintain product security certification activities worldwide and drive related activities in product design and development.
  • Contribute to product security incident, vulnerability disclosure and exception management processes.



Qualifications

  • You have a master's degree in IT or information security, or equivalent by experience
  • You have a minimum of 5 years of experience in information security management, preferably also from a development perspective (defensive side)
  • Proven experience in an agile development context across international teams
  • Proven experience with ISO 2700x frameworks and risk assessment/treatment 
  • Knowledge of and experience with product security certifications is a plus (Common Criteria, FIPS and other national certifications in Europe)
  • You have a solid understanding of security protocols, cryptography, authentication, authorization and best practices
  • Very broad technical background: from embedded devices to cloud deployed services
  • Knowledge of Linux, open source development, virtualization and containerization technologies
  • Knowledge of popular programming/scripting languages like C/C++, JavaScript and Python
  • Good verbal, written, presentation, facilitation, and interaction skills, including ability to effectively communicate risks, issues and concepts to multiple organization levels and executive management
  • Good communication skills both written and verbal in English and a critical, customer-centric mindset
  • Preferably holder of certifications like GIAC, CISSP, CISM, ...



Our Offer

  • A permanent contract with a fair salary
  • Working with modern tools in an agile software development process
  • Collaboration on high-quality products for the industrial environment
  • An interesting and challenging job in a flexible working environment and a remote work option
  • Membership in a highly motivated, interdisciplinary and international team
  • Internal training in our Barco University

     
