R&D Architect

About Barco

Barco designs technology to enable bright outcomes around the world. Seeing beyond the image, we develop visualization and collaboration solutions to help you work together, share insights, and wow audiences. Our focus is on three core markets: Enterprise (from meeting and control rooms to corporate spaces), Healthcare (from the radiology department to the operating room), and Entertainment (from movie theaters to live events and attractions). We have a team of 3,600 employees, located in 90 countries, whose passion for technology is captured in 400 granted patents. As part of BCR Software Development group at Barco our vision is to be a world class software team partnering with our businesses to offer successful software solutions and outcomes that delight our customers and set the trend in our dynamic markets.

BCR (Barco Control Rooms)

The Barco Control Rooms business unit is making workflow and visualization solutions for the Control Room market since 1994 to help operators collect, visualize and share critical information for optimal mission-critical decision making. Today, we are still the number one choice for control room professionals who want to stay on top of their situational awareness with 12000+ installations for critical infrastructure and critical operations.

Barco CTRL is our latest flagship software product. It is a simple, scalable and secure platform, that gives an operator full control over the information flow in an easy and intuitive way for faster and efficient decision making.  

About the Role

1. Manage and improve product security/privacy strategy (“security/privacy by design”) in line with Barco’s information security objectives

2. Advice R&D teams during threat modeling exercises and security risk analyses during design/development phases

3. Challenge R&D teams and system architects about the why and how technical security controls should be integrated

4. Guarantee compliance with privacy/security regulations from product development perspective in cooperation with Security Office and Data Protection Officer (GDPR, HIPAA,...)

5. Design and document technical security controls in different product lines ranging from embedded to cloud deployments

6. Promote, monitor and improve process security controls in the design and development phases, e.g:

   1. Security baseline

   2. Code review process

   3. Application security testing (SAST, DAST, …)

   4. Vulnerability management (e.g. of open source packages)

   5. Vulnerability scanning (tooling and configuration)

7. Organize and follow up product penetration tests executed by external partners

8. Follow up incident response management and vulnerability disclosure processes

9. Follow up ISO 27001 ISMS/audit for all product development related subjects

10. Create security whitepapers of the different product lines

11. Promote Barco’s security/privacy posture on product level in interviews, webinars, articles, …

12. Key contact point for security/privacy related topics during pre-sales phase

13. Stay up-to-date with latest security/privacy technologies, trends and regulations and translate impact to the business stakeholders

14. Inform Business Unit management about security improvement progress and business risks

Qualifications and Experience

Education: 

Bachelor’s/Master's degree in IT or information security, or equivalent by experience.

Experience:

• At least 5 years of experience in information security management, preferably also from development perspective (defensive side)

• Experience with agile development process across international teams

• Familiar with ISO 2700x frameworks and risk assessment/treatment

• Knowledge of third-party auditing and (cloud) risk assessment methodologies

• Familiar with security attack pathologies

Competencies:

• Solid understanding of security protocols, cryptography, authentication, authorization and best practices

• Proven experience with leading and guiding a group of stakeholders from different functions through threat modeling, utilizing STRIDE or other frameworks

• Excellent knowledge of the Common Vulnerability Scoring System (CVSS) and its application during technical vulnerability assessment

• Experience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM)

• Ability to explain security concepts and security processes to technical stakeholders such as R&D Software Engineers

• Very broad technical knowledge: from embedded devices to containerized deployments of services, from backend to frontend

• Familiar with OWASP project (Top 10, ASVS, SAMM, …)

• Coding skills: C, C++, JavaScript (Rust & Go a bonus)

• Highly motivated individual with a genuine enthusiasm for information security and technology

• Eager to stay up to date with latest technologies

• Customer centric mindset

• Good verbal, written, presentation, facilitation, and interaction skills, including ability to effectively communicate risks, issues and concepts to multiple organization levels and executive management

• Good communication skills both verbal and written English

• Ability to prioritize workloads and to know when to seek guidance

Differentiating Criteria:

• Preferably holder of certifications like GIAC, CISSP, CISM, …