JOB Description
As part of PSIRT (Product Security Incident Response Team), this role will handle and respond to security incidents related to its products or services. The main purpose of this role is to identify, assess, prioritize, and respond to vulnerabilities or threats that may impact the security of the organization’s offerings. This role will help in building effective PSIRT to ensure greater product quality and fewer security patching updates, these outcomes not only keep costs down, they also help the brand by avoiding the appearance of being lax about a product’s security.
Key Responsibilities:
- Technical Leadership: Serve as the primary technical lead for investigating vulnerabilities and security incidents across various domains, including Vehicle, Application, and Back End systems.
- Guidance and Strategy: Provide expert technical guidance and contribute to the formulation of effective investigation strategies to swiftly identify and address security threats.
- PSIRT Support: Collaborate closely with the PSIRT Team to investigate and track identified vulnerabilities using the VVM Jira tool, thereby facilitating continuous improvement of the organization's security posture.
- Stakeholder Coordination: Liaise with stakeholders to assess vulnerabilities and recommend appropriate remediation or mitigation measures, ensuring timely and effective risk reduction.
- Remediation & Mitigation Tracking: Monitor the progress of remediation and mitigation efforts using the VVM Jira Tool, maintaining close communication with Product Leads and Scrum Teams to ensure alignment and swift resolution of security issues.
- Ad-hoc Technical Support: Provide on-demand technical expertise and support for various PCG services and programs as needed, leveraging a deep understanding of product security principles and best practices.
Requirements
Minimum Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related technical field; or equivalent practical experience.
- 10+ years of Engineering experience in cybersecurity, incident response, vulnerability management, or related fields within the OEM industry.
- Proven expertise in conducting technical investigations into security incidents and vulnerabilities across diverse OEM environments such as Vehicle, Application, and Back End systems.
- Strong familiarity with industry-specific tools and methodologies for vulnerability management and incident response within the OEM sector.
- Excellent communication skills with the ability to effectively convey technical information to diverse audiences and collaborate with cross-functional teams within an OEM context.
- Demonstrated ability to provide technical leadership, guidance, and mentorship to junior team members within an OEM setting.
- Experience working with issue tracking and project management tools such as Jira for tracking vulnerabilities and remediation efforts, preferably within an OEM environment.
- Ability to adapt to fast-paced OEM environments and prioritize tasks effectively to meet OEM-specific deadlines and requirements.
- Willingness to travel up to 15% of the time, with a minimum expectation of 2 days per month and 1 week per quarter for on-site engagements and collaboration within the OEM industry.
Preferred Qualifications:
- Master's degree in Computer Science, Information Security, or a related technical field.
- Industry certifications such as CISSP, CISM, CEH, or equivalent.
- Experience with cybersecurity incident response frameworks such as NIST CSF, ISO 27035, or similar.
- Familiarity with Agile development methodologies and Scrum practices.
- Prior experience in automotive cybersecurity or related industries.
- Knowledge of scripting languages such as Python, PowerShell, or Bash for automation and tool development.