Product Security Engineer - Immersive Experience
Barco
At Barco IX (Immersive Experiences business unit), we have a heart for technology and a spirit for creativity. We immerse our audiences in experiences they will never forget. The markets for our technologies range from live events to theme parks and museums to flight simulators. Our IX R&D organization focuses on developing projection and image processing products to make these immersive experiences come to life for our customers all over the world.
Job Summary
Barco is looking for a Product Security Engineer for the Immersive Experiences Business unit. The Product Security Engineer (PSE) is part of the First Line of Barco Cyber Defense within the Business Unit and manages technical aspects of product-related security and privacy risks, aligned with the corporate strategy managed by the Security Office. The PSE reports to R&D management.
You will be responsible for information security and privacy aspects for products within the Business Unit on a technical level. The PSE is the first point of contact for all technical security questions from stakeholder functions like R&D. The PSE is responsible for leading and guiding the implementation of product technical security and privacy controls, overseeing and guaranteeing adoption of the secure software development lifecycle process, compliance with applicable regulations, and informing management and the Security Office about progress in these domains.
You will be located in Kortrijk, Belgium, and interface with an international group of developers based in Belgium, Norway, China, and India.
Key Responsibilities
* Set up and maintain a cyber security roadmap together with the Product Owner.
* Rationalize the need for technical security controls to engineering teams and system architects.
* Provide security insights and guidance to R&D at both an architectural and a highly technical level.
* Own and maintain technical and process security controls in the design and development phases, e.g.:
  * Threat modeling.
  * Security features refinement.
  * Code review process.
  * Application security testing (SAST, DAST, ...).
  * Vulnerability management (e.g., of open source packages).
  * Vulnerability scanning (tooling and configuration).
Ecosystem:
* Organize, follow up, and provide support during product penetration tests executed by external partners.
* Take ownership of incident response management and vulnerability disclosure processes.
* Take ownership of ISO 27001 ISMS and audit subjects related to product development.
* Create security whitepapers for the different product lines.
* Be the key contact point for security/privacy related topics during the pre-sales phase.
* Stay up to date with the latest security/privacy technologies, trends, and regulations, and translate their impact for business stakeholders.
* Inform BU management and the Security Office about the state of security per product.
Qualifications
* Master's degree in IT or information security, or equivalent by experience.
* Preferably holder of certifications like GIAC, CISSP, CISM, ...
* At least 5 years of experience in information security management with a software development or software testing background.
* Experience with agile development processes across international teams.
* Proven experience with leading a heterogeneous group of stakeholders through threat modeling, utilizing STRIDE or other frameworks.
* Experience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM).
Technical knowledge and competencies:
* Solid understanding of security protocols, security attack pathologies, cryptography, authentication, authorization, and best practices.
* Excellent knowledge of the Common Vulnerability Scoring System (CVSS) and its application.
* Familiar with ISO 2700x frameworks and risk assessment/treatment.
* Familiar with OWASP projects (Top 10, ASVS, SAMM, ...).
* Knowledge of embedded devices is a plus.
* Highly motivated individual with a genuine enthusiasm for information security and technology.
* Eager to stay up to date with the latest technologies.
* Customer-centric mindset.
* Good verbal and written communication skills in English.
* Good presentation, facilitation, and interaction skills, including the ability to effectively communicate risks, issues, and concepts to multiple organization levels.
* Ability to prioritize workloads and to know when to seek guidance.
Join the Excitement at Barco
You will work in an open and international culture. In this stimulating and challenging environment, we offer you competitive compensation and benefits, including:
* Continuous learning opportunities.
* A modern and state-of-the-art working environment.