Senior Security Technical Lead

Humanetics Safety is the pioneer of safety systems used across the automotive, aerospace, defense and transport sectors. It is the market leader in the design and manufacture of the iconic crash test dummies, the world most biofidelic anthropomorphic test devices, and a leader in Active Safety test solutions, crash test equipment and calibration platforms that are used to ensure humans are protected at moments of need. Our hardware devices have exact match digital twins and integrated software platforms that provide customers with powerful solutions to maximize the productivity of their crash test programs. Protecting humans in a world in perpetual motion. Key Responsibilities: The Senior Security Technical Lead will have ultimate accountability and ownership for information security as it relates to Humanetics' Digital business. Humanetics, is looking for a cyber security lead who is both strategic and hands-on. You will be responsible for the analysis, design, architecture and processes associated to critical software solutions across various geographic locations for on-premise and cloud. This role requires a balance between strategic mindset and ability to "˜roll up your sleeves'. Systems are inclusive of cloud-based computing, data storage systems, IOT devices, fleet management architecture and on premise to cloud connectivity. We're at the cutting-edge of IoT, which means a lot of never-before-solved challenges around statefulness, cross-system security; and redundancy. You'll be part of the brain-trust which includes engineering and product leadership to advise on security challenges. To do that, you'll need to have technical depth; systems thinking; and communication skills to evaluate trade-offs around security, compliance, cost, and scale. This is the ideal role for someone in security who's ready to move their career to the next level in terms of technical influence and scope of impact. Leadership Responsibilities: Security Strategy: Partner with technology and business teams to implement a comprehensive information security strategy that aligns with business objectives and safeguards critical assets. Roadmap & Metrics: Develop and execute a security roadmap, prioritize risk areas, set milestones, and report on progress against performance metrics. Communicate updates and challenges to stakeholders and executives. Cross-Functional Collaboration: Work with business leaders and IT-Security to create new processes, integrate security practices, and share ownership of risk management. Cybersecurity Thought Leadership: Stay ahead of industry trends and drive forward the company's cybersecurity awareness. Security Awareness: Promote a security-first culture across engineering teams and the organization through training, education sessions, and advocacy. Team Leadership: Direct and mentor a small security team, providing guidance on technical issues, prioritizing tasks, and fostering professional development to ensure effective execution of security initiatives. Technical Responsibilities: Vulnerability Management: Run routine vulnerability assessments, prioritize remediation, and drive remediation to meet SLAs. Cloud Security: Strengthen cloud security by improving processes, continuously add monitoring and guardrails to ensure developers follow safe practices, and routinely audit the security of our cloud. Threat & Risk Assessments: Perform structured threat risk assessments and suggest mitigation plans for application teams. Penetration Testing: Coordinate third-party penetration tests and guide teams in resolving identified vulnerabilities. Operational Reviews & Security Audits: Coordinate operations reviews and conduct CICD security audits for major project releases, ensuring development teams meet security standards and address vulnerabilities prior to deployment. Development Team Support: Support development teams with security-related support requests, including CI/CD security configuration changes, waivers, deploying Web Application Firewalls (WAF), endpoint protection agents, and reviewing new major features for security compliance. SOC Collaboration & Incident Response: Work with the external Security Operations Center (SOC) to ensure effective monitoring. Work closely with the SOC team as part of the escalation path as part of the Incident Response process. Third-Party Risk Management: Oversee vendor security assessments and manage third-party risk through a formalized process. Assess security settings and improve security posture within 3rd party SaaS tools. Technology Implementation: Research, recommend, and implement new security technologies and solutions. ISO 27001 Collaboration: Collaborate as a key member in the organization's ISO 27001 Information Security Management System (ISMS), supporting compliance efforts, audits, and contributing to continuous improvements in alignment with the standard's requirements. M&A Support: Perform security evaluations for potential acquisitions, advise leaders and executives on the risks, and aid in integration with respect to security. Other Significant Role Requirements: Candidate should have a working knowledge of system and network exploitation, attack methodologies and intrusion techniques; denial of service attacks, man in the middle attacks, malicious code delivery techniques, automated network vulnerability and port scanning, social engineering, network and system reconnaissance. Candidate should have working knowledge of system and network administration, configuration best security practices, security controls and configuration standards as they apply to security Working or educational knowledge of AWS, GCP, Azure, Cloud security Candidate must be able to articulate in both written and oral communication to consult in technical and management-related matters Programming / scripting in Python, bash, Power Shell Supervision: Self-Directed, High Energy Work Environment No adverse environmental conditions expected. Travel Up to 10% travel, including international. Customer Focus: This is a visible position with a critical impact on the SW COE's & company security. Internal and external contacts include all levels of employees within the company, vendors, division management, consultants, and other professional business contacts within the industry. Critical Competencies: Strategic Thinking - Ability to think strategically in solving complex business problems and to provide security insight that is relevant and digestible to key stakeholders Adaptability - Adapts to changes in the work environment; manages competing demands; changes approach or method to best fit the situation; able to deal with frequent change, delays, or unexpected events. Problem Solving - Identifies and resolves problems in a timely manner; gathers and analyses information skillfully; develops alternative solutions; works well in-group problem solving situations; Uses reason even when dealing with emotional topics. Innovation - Displays original thinking and creativity; meets challenges with resourcefulness; generates suggestions for improving work; develops innovative approaches and ideas; presents ideas and information in a manner that gets others' attention. Judgment - Displays willingness to make decisions; exhibits sound and accurate judgment; supports and explains reasoning for decisions; includes appropriate people in decision-making process; makes timely decisions. Education and/or Experience: 7+ years of AWS and security experience Familiarity with security best practices for cloud infrastructure, containers, serverless, and APIs. Experience applying automation (IaC) to security tooling, cloud infrastructure, and build pipelines (e.g. Terraform, AWS managed tooling, Jenkins, NexusIQ, SonarQube, Tenable.io, Burp Suite, etc...). Comprehensive knowledge of OWASP, static/dynamic analysis, security monitoring, and common exploit tools and methods. Problem solver with the ability to understand the big picture and be willing to drive projects on your own. You are a lifelong learner and passionate about learning new things and taking on new challenges. Highly organized, detail oriented, and able to work autonomously with minimal direction. Possess strong communication, collaboration, and documentation skills Experienced working remotely including proficiency to communicate over a text-based medium (Slack, Jira, Confluence) and can succinctly document technical details. Certifications such as OSCP, GCSA, AWS SysOps/DevOps/Security are a plus. Certified AWS CCP or higher Proficiency (two or more years) in designing, developing and deploying cloud based solution's using AWS. Understanding of core AWS services, uses, and basic architecture best practices Designing and deploying dynamically scalable, highly available, fault tolerant, and reliable applications on AWS Selecting appropriate AWS services to design and deploy an application based on given requirements Proficiency in at least one modern programming language: Java, Python At Humanetics, privacy and information security is a critical feature of our corporate culture and is the responsibility of all employees. Humanetics is an Equal Opportunity Employer/Veterans/Disabled/LGBT employer Job Details Job Function SGA Pay Type Salary Employment Indicator Regular Education Level Bachelor's Degree Travel Required Yes Travel Percentage 10

Created: 2024-11-19