Job Description

Salary up to 60000 depending on experience.
Location Wotton-under-Edge Glouc. (no public transport available)
Hybrid working 3 days/week onsite

To bring greater focus to our product security engineering activities the Product Security Engineering Lead will be responsible for guiding and working with Renishaws product divisions to identify assess and mitigate security vulnerabilities in software and associated hardware products. They will work closely with development teams to integrate security practices into the software development lifecycle (SDLC) and help ensure products are secure and compliant with relevant standards and regulations including the Cyber Resilience Act.

Responsibilities

• Assess establish and maintain clear guidelines and best practices for secure coding vulnerability management and incident response

• Develop and maintain product security risk assessment processes providing support and guidance to project teams

• Develop scanning and review processes to discover security vulnerabilities and devise mitigation strategies as well as report and resolve technical debt

• Serve as a Subject Matter Expert (SME) in product security for projects during development phases providing information security consulting and recommendations and ensuring the implementation of approved security requirements

• Collaborate with developers and their teams to ensure security is integrated at every stage of the software development lifecycle

• Guide teams to automate security scans and tests and implement secure coding practices ensuring product compliance with regulatory standards

• Work with DevOps leads to ensure security tools and processes are integrated into their DevOps pipelines

• Monitor and assess the effectiveness of the implemented cybersecurity controls

• Coordinate activities with the owning product divisions when vulnerabilities are reported by 3rd parties and guide the response

• Work with development teams to remediate security vulnerabilities and prevent future incidents

• Track and address security issues effectively ensuring timely remediation and patching

• Document and report results of the cybersecurity program to stakeholders

• Organise design and deliver cybersecurity training and awareness-raising activities

• Share product security learning with the operational security team and vice-versa

• Stay updated on the latest security threats trends and best practices

• Identify opportunities to incorporate AI tooling into the development lifecycle selecting and taking forward the most promising use cases

The successful candidate will have the following expertise and skills

• Bachelors / Masters degree or equivalent work experience in Computer Science Information Security Business or a related field

• circa 3 years of work experience in cybersecurity especially in an information risk analysis security engineering or security architecture role

Key requirements

• Experience in performing penetration testing secure code review software composition analysis static dynamic and manual code review

• Experience identifying and remediating common vulnerabilities such as OWASP Top 10

• Hands-on experience with security scanning tools

• Proven experience in secure coding practices and vulnerability assessment

• Experience securing hardware products controlled by software would be an advantage

• Experience applying AI to security and development use cases

• Familiar with threat modelling frameworks and having experience with automated tools

Knowledge and skills

• Excellent communication and collaboration skills to work effectively with cross-functional teams

• Proficient in programming languages such as C/C Python Java etc.

• Able to handle multiple concurrent tasks

• Strong analytical and problem-solving skills

Benefits

Employment Type:

Time Type:

Requisition Number: