Consultant – Cybersecurity, Embedded Engineering, IOT

Job Description: • Work with the runtime Cybersecurity Advisor/Coach to ensure each release of the runtime SDK is developed according to Secure Development Lifecycle (SDL), to meet internal and external cybersecurity standards, regulatory compliance, and the needs of customers. • Provide cybersecurity expertise through guidance in architecting, designing and threat model mentoring to members during development cycle. Perform cybersecurity code review for pull requests as part of the SDL process. • Evaluation, tracking, and resolution of product and runtime cybersecurity issues and related technical debt in 3rd party packages, reported both internally and from external sources, such as: --- Cybersecurity vulnerabilities (CVEs) --- OS/package patches: Debian GNU/Linux, VxWorks --- Commercial/FOSS packages: Mongoose, UA-HPSDK, OpenSSL, mbedTLS, fmt, libyuarel, Frozen, optionparser, zlib, among others. --- Management and use of tools for static and dynamic code analysis (Coverity, SQuORE, Halgrind, Valgrind, CppCheck) and Software Composition Analysis (Black Duck Binary Analysis, Black Duck Hub) in 3rd party packages and current code base with maintaining the mentioned: ------ Address false-positive findings, evaluate and triage bugs, resolving or assigning to an SME as appropriate. ------ Evaluate BDBA/BDH findings and work with the runtime teams to resolve. ------ Ensure qualimetry data for all significant branches (master branch, release branches, component branches) is current and accessible for use by management with keen attention on the mentioned: ------ Setup to support new releases as needed ------ Regular/scheduled and on-demand scans to timely detect abnormalities. ------ Monitor the changes and notify if trending is upward ------ Create and update formal report on branches Requirements: • Engineering degree (BS in Electrical, Computer Science, Robotics, or related discipline) • 8 - 12 years’ experience of code development for multitask embedded system running in Linux, VxWorks/RTOS, and windows. • Seasoned programming skills with object-oriented design (C/C++) and scripting languages (Python, Bash, Shell, PowerShell) • Knowledge of cybersecurity issues common to C/C++. Knowledge of Common Vulnerabilities and Exposures. Knowledge of IEC 62443-4-2. • Familiarity with Open-source software (OSS), Git, GitHub, Debian GNU/Linux, Ubuntu. • Familiarity with Software Composition Analysis (SCA), Static Code Analysis and Static Application Security Testing (SAST), Fuzz testing • Demonstrate ability to work with cross functional and global teams, and the ability to align and bring best in class processes, coding standards. • The Ideal consultant should be able to work with members in India, Europe and U.S. EST time zone. Benefits: • Health insurance • 401(k) matching • Flexible work hours • Paid time off • Remote work options Apply tot his job