Product Security Specialist (on-site)

In this new role you will have a direct impact on establishing and managing the Secure Product Development Lifecycle (SDL) process to ensure that products developed by Yaskawa America meet the highest security standards furthering our product reputation. Oversee controls implementation, vulnerability reports, third-party assessment and product teams training to ensure SDL best practices,. Evaluate and assess developer competency in following secure development processes, influence managers to update development process implementations to match SDL requirements, evaluate the effectiveness of product vulnerability tests and create security vulnerability reports to be shared with other Yaskawa business units. Work cross-functionally and with external security experts to create and manage Yaskawa security process and policies.

DESCRIPTION OF DUTIES:   

• Create and maintain an SDL process for Yaskawa America product development teams; ensuring compliance with new and evolving compliance requirements.
• Coordinate with outside certification organizations to obtain and maintain compliance to SDL certifications.
• Collaborate on security development activities between the Yaskawa business units and stakeholders.
• Create, track and present security metrics and recommendations to senior management.
• Lead due diligence and threat modeling policies and procedures.
• Consult and influence development team managers on best practices and the proper implementation of the SDL for their development projects.
• Train security test engineers in threat modeling, risk assessment, vulnerability management, and penetration testing.
• Provide training to and complete competency evaluations of Yaskawa associates that are using the SDL.
• Approve or deny the use of third-party components used in products and for product development.
• Review and produce product security vulnerability reports and coordinate the vulnerability handling process.
• Evaluate and approve security test plans.
• Keep up to date with security threats and trends.
• Organize the Product Security Incident Response Team (PSIRT) in Yaskawa America.
• Assist with Cyber Security assessments required by YAI customers.

 

QUALIFICATIONS: 

• B.S. or M.S. from an established University in Software Development, Computer Science, Information Security, Engineering or related field.
• 3-5 years experience in software security, application security or product security.
• Preferred expertise in industrial control systems security standards, especially IEC 62443.
• Experienced in development of process standards, secure coding practices, vulnerability management and risk assessment.
• Prior experience in assessing security competencies and providing training on security processes and threat modeling ideal.
• Having worked cross-functionally and/or globally to identify new and diverse best practices in an ever-changing landscape, protocols and requirements.
• Superior communication skills, both written and verbal; strong interpersonal and collaboration skills to influence cross-functional teams to drive security policies, process and procedures to desired outcomes.  

 

PHYSICAL REQUIREMENTS:  

• Work Environment: Mobile (work from office or on the road)
• Physical Effort: Minor
• Mental Effort: Significant (must be able to understand security standards and their implementation)
• Communication: Superior (must be able to clearly communicate security processes.)
• Sensory Abilities:  Visual and Hearing are required to develop, assess, and implement secure development processes.

Some key advantages of working at Yaskawa include: career opportunities in diverse areas, a highly competitive benefit package, including a generous 401(K) plan, profit sharing, corporate wide bonus plan and educational assistance program offering up to $10,000 a year for graduate courses. Additional information regarding the benefit package can be found at https://www.yaskawa.com/about-us/careers/benefits.

 

Yaskawa America, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.