CASY-MSCCN Jobs

CASY-MSCCN Logo
Home View All Jobs (2,304,139)

Job Information

QuEST Global Product Security Engineer - Embedded in Bangalore (Bengaluru), India

60199BR

Title:

Product Security Engineer - Embedded

Job Description:

Quest Global is an organization at the forefront of innovation and one of the world’s fastest growing engineering services firms with deep domain knowledge and recognized expertise in the top OEMs across seven industries. We are a twenty-five-year-old company on a journey to becoming a centenary one, driven by aspiration, hunger and humility.

We are looking for humble geniuses, who believe that engineering has the potential to make the impossible, possible; innovators, who are not only inspired by technology and innovation, but also perpetually driven to design, develop, and test as a trusted partner for Fortune 500 customers.

As a team of remarkably diverse engineers, we recognize that what we are really engineering is a brighter future for us all. If you want to contribute to meaningful work and be part of an organization that truly believes when you win, we all win, and when you fail, we all learn, then we’re eager to hear from you.

The achievers and courageous challenge-crushers we seek, have the following characteristics and skills:

Job Responsibilities

In this role you will be responsible for designing, building, testing and implementing systems with the primary goal of security/patient safety across medical device product portfolio in various operating environments. Some of the focus areas for this position include: Prevention of breach of Intellectual Property (IP), Attack surface minimization, preventive security and privacy controls, incident/vulnerability management.

This role requires experience with security technologies and implementation experience for products with varying levels of capabilities and diverse user environments for both internal and external customers. A hands-on experience and interest in latest security standards, protocols, products and systems is mandatory for the success of this role.

Roles and Responsibilities:

  • Work directly with embedded software developers in building a security by design mindset by defining implementations and coding inline with the Application Security Program mandates

  • Implement embedded secure code solutions, design patterns, and coding guidelines that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures

  • Support security project governance through scheduling activities, planning and prioritization

  • Proactively drive security solutions implementation in-alignment with the development leads, security architects and product owner(s)

  • Drive feature implementations in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary

  • Review, Analyze and mitigate SAST, DAST, SCA and penetration test findings in collaboration with the developers for various electromechanical medical devices product lifecycles

  • Review current software security control measures and implement security enhancements across multiple medical devices

  • Participate in post-market product analysis to support vulnerability investigations as required as well as be engaged in continuous security monitoring

Required Skills (Technical Competency) :

  • Experienced security developer able to interpret and guide software development teams on secure coding practices and application security test report interpretation for various coding languages and operating environments

  • Strong knowledge of secure software development lifecycle and practices including SAFe/ Agile methodologies for software development

  • Understanding of security by design principles and architecture level security concepts

  • Sound understanding and experience in implementing security technologies/techniques such as, Cryptographic Algorithms/Cipher Suites, Public key Infrastructure (PKI), Hardware/embedded authentication protocols, Secure Boot, and data-at-rest encryption methods

  • Experience implementing OWASP Top10 application security guidelines in embedded systems

  • Knowledge of embedded system architecture and security controls (e.g., firewall and border router configurations, wireless communication architectures, messaging authentication protocols

  • Experienced in generating, defining, and reviewing penetration test results through knowledge standard methodologies and tools including environmental configuration definition, security analysis, threat modeling, and system security audits

  • Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

  • Exposure to international privacy requirements & cross-industry trends

Qualifications and Skills

  • Bachelor's degree in Computer Science, Computer Engineering, a related field or equivalent demonstrated experience and knowledge

  • Minimum 8+ years of experience in software development or related fields.

  • Minimum 5 years technical experience working with product security design/development for embedded systems

  • 3 years working with each of the following:

  • Experience with C/C++, Python, Linux and/or security design within real-time operating systems

  • Experience analyzing, interpreting, and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests

  • Embedded data at rest security implementations including Code Signing, Secure boot, and flash encryption implementations

  • Embedded/IoT wired and wireless secure networking implementations within multiple layers of the OSI stack

  • IoT/Embedded PKI solutions and implementation.

Auto req ID:

60199BR

Job Type:

Full Time-Regular

Assignment Country:

India

Total Years of Exp:

5 - 8

Education Type:

BE

Assignment State:

Karnataka

Assignment Location:

Bangalore (Bengaluru)

Experience Level:

Mid Level

DirectEmployers