Product Security Engineer
Shanghai, SH, CN, 200051
Ingersoll Rand
Ingersoll Rand is committed to achieving workforce diversity reflective of our communities. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
Position Summary
We are seeking a highly skilled and motivated Product Cybersecurity Engineer to join our dynamic team. The successful candidate will be responsible for ensuring the security of our embedded systems, ICS, and associated cloud services. The engineer will contribute to development and implementation of global policies, tools, and practices and have a focus on supporting business units located in the Asia-Pacific region.
An individual with a diverse IT/OT background, the Product Security Engineer will work across ICS/OT/embedded technologies and IT/cloud technologies. The engineer must understand a range of disciplines, from embedded software, base operating or firmware systems and middleware services to APIs, application security, and cloud services.
Product security engineers must also focus on secure development practices, threat modeling, vulnerability management, architecture, and application security design. The engineer focuses on using secure-by-design and security-first principles to reduce product vulnerabilities.
Essential Job Duties
Security Reviews and Risk Assessment:
- Lead product and application security reviews, threat / risk / vulnerability analyses, investigations of security-related incidents, and assessment of the security level based on meaningful metrics.
- Document security findings, outline remediation options, and oversee mitigation.
Security Design, Implementation, and Testing:
- Evaluate, specify, implement, introduce, and maintain cybersecurity-oriented development, engineering, and testing tools.
- Actively engage with product development teams to facilitate secure product design addressing security requirements for new and existing products.
- Translate cybersecurity governance policies and controls into customized implementation measures, helping to develop and implement security architectures and solutions for embedded systems, ICS, and cloud services.
Establish Product Cybersecurity Framework:
- Evaluate the existing product ecosystem and propose product changes to security leadership and engineering.
- Facilitate or run internal education and training sessions, with a focus on product security principles.
Skills and Experience
- Proficiency in both English and Standard Chinese (Mandarin) for effective communication and translation.
- Highly technical and analytical experience, with a proven deep background in software engineering.
- Experience with one or more of the following: embedded software, ICS and OT technology, public cloud providers (AWS, Azure, GCP), and IoT service architectures, including their cybersecurity aspects.
- Experience with development and testing cybersecurity tools such as SAST/DAST.
- Knowledge of international or national IT/OT security standards and regulations, and of legal issues.
- Experience in risk-based methodologies and approaches (e.g., threat and risk analysis).
Education Requirements
- Bachelor’s degree preferred in information assurance, computer science, engineering, or related field.
Experience Requirements
- Five-plus years of professional experience in one or more of the following: secure product development, application security and engineering, or secure development lifecycle.
Certification Requirements
- Preferably one or more SANS certifications (GWAPT, GWEB, GCSA), CISSP, CSSLP.
Ingersoll Rand Inc. (NYSE:IR), driven by an entrepreneurial spirit and ownership mindset, is dedicated to helping make life better for our employees, customers and communities. Customers lean on us for our technology-driven excellence in mission-critical flow creation and industrial solutions across 40+ respected brands where our products and services excel in the most complex and harsh conditions. Our employees develop customers for life through their daily commitment to expertise, productivity and efficiency. For more information, visit www.IRCO.com.