Product Cyber Security Engineer

The Product Cyber Security (CS) Engineer will be responsible for coordinating and performing product cyber security functions within Woodward business unit(s) as described in Secure Development Lifecycle (SDLC). This member supports the implementation and adoption of cyber security standard work processes (including, but not limited to, risk assessment, awareness/training, incident response, and strategic initiatives). In addition, this member will advise developers, test engineers, and supply chain resources on all business unit related with product cyber security issues.

WHAT YOU WILL BE DOING:

• Oversee a program implementation of Woodward SDLC (Secure Development Lifecycle), based on ISA/IEC 62443-4-1 practices, with the goal of Security Development Lifecycle Accreditation (SDLA) through accredited certification body;
• Assist product teams with successful ISA/IEC 62443 process and device certification.
• Run internal pre-certification audits;
• Security Requirements management: define common set of system requirements derived from multiple security standards, generation of deliverable reports, security reviews for both hardware and software requirements, coordination between safety and security for requirements and processes;
• Assist with the development of department processes, methods, and checklists;
• Develop and maintain threat models for Woodward projects;
• Manage product Cyber Security incident response;
• Point of Contact for customer inquiries about product cybers security features;
• Coordinate with corporate level groups on Woodward cybersecurity initiatives;
• Provide work effort estimates, assist in project planning efforts including project task definition;
• Execute the standard work relative to Product Cyber Security processes. Lead efforts in improving standard work;
• Provide Product Cyber Security knowledge into proposals and risk assessments;
• Responsible for suggesting and supporting new cyber tools usage;
• Assist with training WWD members on national, regional, and international regulations/standards;
• Responsible for keeping abreast of new and changing regulations and best practices pertaining to Product Cyber Security.

WHAT YOU WILL NEED:

• Familiarity with:
• specific OT / IACS products and systems, including challenges in securing them;
• industrial cyber security concepts, such as NIST SP 800-82;
• cybersecurity standards, such as: ISA/IEC 62443 family of standards, NIST Cyber Security Framework (CSF), NIST SP 800-53 and SP 800-171, NIST Cyber Security Framework;
• sector-specific cybersecurity standards, such as: ISO/SAE 21434, IACS UR E 26 & E 27, NERC-CIP;
• Public Key Infrastructure (PKI) concepts;
• Experience in creating cyber security process documents (procedures, manuals, instructions);
• Experience in developing, implementing, and evaluating cyber security requirements for OT/IACS products and systems;
• Familiarity with IEC 61508 would be a benefit;
• Strong teamwork approach;
• Fluent English in writing and speaking;
• Familiarity with software development and analysis tools including editors, compilers, linkers, debuggers, code analyzers, version control systems, software testing tools, etc.