Job Description
As a systems security engineer, you will play a key role in the evaluation, support, management, and implementation of security measures pertaining to Bosch Home Comfort (HC) HVAC control and communicating systems. The selected individual will possess experience in the design and validation of security services executing on different hardware platforms. He or she will assume the role of Project Security Lead with full hands-on development for current and future projects and be responsible for security feature implementation according to the product life cycle for various HVAC connected systems.
Job Responsibilities
- Security reviews for new features, products, technologies, and services.
- Secure design, architecture, implementation, and penetration testing of HVAC connectivity systems.
- Threat Modeling and Risk Assessment for SDLC: Conduct comprehensive threat modeling and risk assessments to identify potential security vulnerabilities and threats early in the software development life cycle (SDLC).
- Analyze the security implications of software architecture, design, and implementation choices.
- Prioritize security risks based on their severity and potential impact to lead remediation efforts.
- Influence decision-makers and stakeholders throughout the HC-CW organization across project teams to achieve a consistently high security bar.
- Create security guidance and documentation (e.g. Security Concept) for development.
- Develop and deliver security training and outreach to internal development teams.
- Develop and improve metrics that drive desired behavior and security outcomes.
- Identify pressing security problems that are amenable to automatic detection. Work to implement new detection techniques and tools.
- Ensure that detected security issues are treated with a level of urgency that reflects their true risk.
- Investigate security issues and identify opportunities for detecting or preventing similar issues with automation.
- Provide guidance to the HC (Home Comfort) RBU Engineering and third-party development teams on secure coding and development practices.
Qualifications
Basic Qualifications:
- Bachelor of Science in Computer Engineering, Computer Science.
- 4+ years of experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
- 4+ years of knowledge and understanding of security frameworks, engineering, system and network security, authentication and security protocols, cryptography, or application security.
Preferred Qualifications:
Technical Skills
- Experience working in the HVAC/Refrigeration industry is desired, including familiarity with existing HVAC residential and commercial equipment, systems and suppliers.
- Proven experience as a Systems Security Engineer or a similar role with a focus on application security. In-depth knowledge of OWASP best practices, methodologies, and tools.
- Familiarity with industry standards and frameworks such as NIST, ISO 27001, and CIS.
- Experience with secure coding practices and the ability to review code for security vulnerabilities.
- Proficiency in defining specific security requirements from business or product requirements essential for project planning.
- Collaborate with development and hardware teams to integrate security best practices throughout the software development lifecycle.
- Knowledge and experience with cryptography and computer security.
- Participate in incident response activities and provide expertise in the resolution of security incidents related to OWASP vulnerabilities.
- Industry-leading approaches to automating security investigations use artificial intelligence (AI) and machine learning (ML).
- Strong demonstrated knowledge of web protocols, common attacks, and an in-depth knowledge of operating systems (OS) tools and architecture.
- Experience with virtualization technologies, especially with AWS services.
- Relevant industry certifications (e.g. AWS Certified Security) a plus.
- Familiarity with Bosch Security Engineering Process (SEP), or similar process, a huge plus.
Soft Skills
- Ability to work with geographically dispersed teams and a diverse cultural environment.
- Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills.
- Ability to quickly come up to speed on new projects.
- Experience in a startup or high-growth environment is highly desirable.
- Strong communication skills, both written and verbal, with both internal team members and external business stakeholders.
- Able to communicate and present complex technical concepts across technical and non-technical organizations.
- Ability to work with minimal supervision in a lean and fast-paced environment.
- Creativity and ability to learn quickly are essential.
- Excellent collaboration and teaming skills.