IoT Application Security Specialist


Malmesbury OR Bristol


We are recruiting an Application Security Specialist to join our Security Architecture team. You will work in a specialist team that focuses on IoT, helping ensure we develop a secure eco-system for our internet connected products.

Market Overview

In May 2016 Dyson launched its second connected product, the Dyson Pure Cool Link (Winner of T3’s Connected Home Tech of the Year 2016), which joins our existing 360 Eye robot vacuum cleaner with its companion eco-system, Dyson Link. Dyson Link is our IoT solution to enable Dyson products to work in a connected environment. It includes the key components required to create an exciting connected product experience, from mobile apps to web/CRM integrations and cloud services.

Function Overview

Dyson’s secrets are worth billions. Protecting the business on a global scale – from day-to-day malware to the most advanced cyber spying – is a 24/7 assignment. Our IT Security team thrives on the challenge – keeping a constant lookout, collaborating internationally and across the business, and adapting rapidly to threats. Ultimately it takes the right people, as well as the right technology, to protect Dyson: tenacious, resilient and inventive enough to stay one step ahead. The reward is an enlivening environment on the cutting edge of IT security. And a career full of diverse opportunities.


You will be a member of the team responsible for ensuring our IoT landscape maintains the security our customers expect throughout both the development and product lifecycles. At Dyson, we achieve this by embedding our security experts into our design projects at all stages. The role will involve working with other subject matter experts in the wider project team, through specifying requirements for a project, being part of a design or research project or leading the implementation of a security improvement.

The role has the following responsibilities:

  • Working closely with development and operations teams to build security into applications and support processes.
  • Provide assurance in the application lifecycle including design reviews, supporting automated code scanning, performing targeted application vulnerability assessments, and ethical hacking across systems.
  • Drive continuous improvement in application security and champion changes to the organisation to be able to respond to new threats.
  • Ensuring teams have what they need to deliver secure code and applications, including the skills, tools and training.
  • Defining cybersecurity best practices, processes, and workflows.
  • Work to design and implement security controls into our software products.
  • Support changes and improvements through working with the wider dev teams.
  • Lead projects that involve security focused changes to our application architecture.
  • Ensure we are aligning with industry recognised Standards and emerging IoT Standards and reference designs.

Key Competencies

This role requires both in-depth technical understanding of the underlying technologies we utilise, and a keenness to work as part of a larger, highly motivated team to deliver world-class solutions.

We would expect the following key competencies:

  • Strong background in both leading and contributing to a design process.
  • Experience in delivering security automation through “Security as Code”.
  • Experience of orchestrating Penetration Testing, Vulnerability Assessments and Risk Assessments using best practice risk management methodologies.
  • Strong experience with securing Enterprise environments across multiple geographic regions.
  • Strong conceptual thinking and communication skills.
  • Ability to work well under minimal supervision and with a high degree of autonomy and responsibility.
  • Team-oriented interpersonal skills, with the ability to communicate effectively with a broad range of people and roles, including vendors, IT and business personnel.
  • Good understanding of technology and process optimization techniques (e.g. standardisation, consolidation, simplification and automation) and an appetite for continuous improvement.
  • Able to travel to world-wide sites across the enterprise.


We would expect a grounded understanding of the following:

  • Web & Mobile security
  • Low level security (C / C++)
  • Highly scalable, automated environments
  • DDoS mitigation techniques
  • Application code Analysis
  • Access token management
  • Identity Management
  • API Security
  • IoT
  • Container-based virtualisation
  • Java
  • Node JS
  • GoLang
  • AWS

Experience Required

  • Proven track record in Application Security, including design and implementation.
  • Experience in supporting the design, development and release lifecycle of a bespoke, proprietary developed solution and the challenges this presents.
  • Expert knowledge of security methodology and frameworks.
  • Experience in compliance protocols such as PCI-DSS.
  • Knowledge of risk analysis and methods.
  • Understanding of multiple development processes and practices such as Agile/Scrum.


  • A bachelor's or master's degree in computer science, information security or other related field; or equivalent work experience.
  • Professional application security certification, such as a Certified Application Security Specialist (CASS), Certified Application Security Tester (CAST) or other similar credentials, is desired.

Benefits Overview

Dyson monitors the market to ensure competitive salaries and pension contributions. Beyond that, you’ll also enjoy a profit-related bonus, generous leave and life insurance. But financial benefits are only the start of a Dyson career. Rapid professional growth, leadership development and new opportunities abound, driven by regular reviews and dynamic workshops. And with a vibrant culture, flexible working hours, the latest devices and a relaxed dress code reflecting our engineering spirit, it’s an exciting team environment geared to creativity, innovation and ambition.

Posted: 11-Jan-2017
