IoT Application Security Specialist
Malmesbury OR Bristol
You will be a member of the team responsible for ensuring our IoT landscape maintains the security our customers expect throughout both the development and product lifecycles. At Dyson, we achieve this by embedding our security experts into our design projects at all stages. The role will involve working with other subject matter experts in the wider project team, whether specifying requirements for a project, being part of a design or research project, or leading the implementation of a security improvement.
The role has the following responsibilities:
- Working closely with development and operations teams to build security into applications and support processes.
- Provide assurance in the application lifecycle including design reviews, supporting automated code scanning, performing targeted application vulnerability assessments, and ethical hacking across systems.
- Drive continuous improvement in application security and champion changes to the organisation to be able to respond to new threats.
- Ensuring teams have what they need to deliver secure code and applications, including the skills, tools and training.
- Defining cybersecurity best practices, processes, and workflows.
- Work to design and implement security controls into our software products.
- Support changes and improvements through working with the wider dev teams.
- Lead projects that involve security-focused changes to our application architecture.
- Ensure we are aligning with industry-recognised standards and emerging IoT standards and reference designs.
This role requires both in-depth technical understanding of the underlying technologies we utilise, and a keenness to work as part of a larger, highly motivated team to deliver world-class solutions.
We would expect the following key competencies:
- Strong background in both leading and contributing to a design process.
- Experience in delivering security automation through “Security as Code”.
- Experience of orchestrating Penetration Testing, Vulnerability Assessments and Risk Assessments using best practice risk management methodologies.
- Strong experience with securing Enterprise environments across multiple geographic regions.
- Strong conceptual thinking and communication skills.
- Ability to work well under minimal supervision and with a high degree of autonomy and responsibility.
- Team-oriented interpersonal skills, with the ability to communicate effectively with a broad range of people and roles, including vendors, IT and business personnel.
- Good understanding of technology and process optimization techniques (e.g. standardisation, consolidation, simplification and automation) and an appetite for continuous improvement.
- Able to travel to world-wide sites across the enterprise.
We would expect a grounded understanding of the following:
- Web & Mobile security
- Low level security (C / C++)
- Highly scalable, automated environments
- DDoS mitigation techniques
- Application code analysis
- Access token management
- Identity Management
- API Security
- Container-based virtualisation
- Node JS
- Proven track record in Application Security, including design and implementation.
- Experience in supporting the design, development and release lifecycle of a bespoke, proprietarily developed solution and the challenges this presents.
- Expert knowledge of security methodology and frameworks.
- Experience in compliance protocols such as PCI-DSS.
- Knowledge of risk analysis and methods.
- Understanding of multiple development processes and practices such as Agile/Scrum, etc.
- A bachelor's or master's degree in computer science, information security or other related field; or equivalent work experience.
- Professional application security certification, such as a Certified Application Security Specialist (CASS), Certified Application Security Tester (CAST) or other similar credentials, is desired.