Security Engineer
Apply now »Date: Nov 8, 2024
Location: Noida, IN
Company: Barco
About Barco
Barco designs technology to enable bright outcomes around the world. Seeing beyond the image, we develop visualization and collaboration solutions to help you work together, share insights, and wow audiences. Our focus is on three core markets: Enterprise (from meeting and control rooms to corporate spaces), Healthcare (from the radiology department to the operating room), and Entertainment (from movie theaters to live events and attractions). We have a team of 3,600 employees, located in 90 countries, whose passion for technology is captured in 400 granted patents. As part of BCR Software Development group at Barco our vision is to be a world class software team partnering with our businesses to offer successful software solutions and outcomes that delight our customers and set the trend in our dynamic markets.
BCR (Barco Control Rooms)
The Barco Control Rooms business unit is making workflow and visualization solutions for the Control Room market since 1994 to help operators collect, visualize and share critical information for optimal mission-critical decision making. Today, we are still the number one choice for control room professionals who want to stay on top of their situational awareness with 12000+ installations for critical infrastructure and critical operations.
Barco CTRL is our latest flagship software product. It is a simple, scalable and secure platform, that gives an operator full control over the information flow in an easy and intuitive way for faster and efficient decision making.
About the Role
-
Lead and mentor the group of R&D Security Champions and take ownership of the groups’ meetings and activities
-
Provide security insights and feedback to R&D at highly technical level (e.g. during code reviews)
-
Lead R&D teams during threat modeling exercises and security risk analyses during design/development phases
-
Challenge R&D teams and system architects about the why and how technical security controls should be integrated
-
Design and document technical security controls in different product lines
-
Own and maintain process security controls in the design and development phases, e.g:
-
Threat modeling
-
Code review process
-
Application security testing (SAST, DAST, …)
-
Vulnerability management (e.g. of open source packages)
-
Vulnerability scanning (tooling and configuration)
-
Provide security support during product penetration tests executed by external partners
-
Take ownership of incident response management and vulnerability disclosure processes
-
Take ownership for ISO 27001 ISMS/audit product development related subjects
-
Contribute to the creation of security whitepapers of the different product lines
-
Key contact point for security/privacy related topics during pre-sales phase
Stay up to date with latest security/privacy technologies, trends and regulations
Inform Security Office about the state of security per product
Qualifications and Experience
Education:
Bachelor’s/Master's degree in IT or information security, or equivalent by experience.
Experience:
-
At least 5 years of experience in information security management with a software development or software testing background
-
Experience with agile development process across international teams
-
Familiar with ISO 2700x frameworks and risk assessment/treatment
-
Knowledge of third-party auditing and risk assessment methodologies
-
Familiar with security attack pathologies
Competencies:
-
Solid understanding of security protocols, cryptography, authentication, authorization and best practices
-
Proven experience with leading and guiding a group of stakeholders from different functions through threat modeling, utilizing STRIDE or other frameworks
-
Excellent knowledge of the Common Vulnerability Scoring System (CVSS) and its application during technical vulnerability assessment
-
Experience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM)
-
Ability to explain security concepts and security processes to technical stakeholders such as R&D Software Engineers
-
Very broad technical knowledge: from embedded devices to containerized deployments of services, from backend to frontend
-
Familiar with OWASP project (Top 10, ASVS, SAMM, …)
-
Coding skills: C, C++, JavaScript (Rust & Go a bonus)
-
Highly motivated individual with a genuine enthusiasm for information security and technology
-
Eager to stay up to date with latest technologies
-
Customer centric mindset
-
Good verbal, written, presentation, facilitation, and interaction skills, including ability to effectively communicate risks, issues and concepts to multiple organization levels and executive management
-
Good communication skills both verbal and written English
-
Ability to prioritize workloads and to know when to seek guidance
Differentiating Criteria:
Preferably holder of certifications like GIAC, CISSP, CISM, …
Disclaimer:
Barco is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulation