Industrial Cybersecurity Engineer - Embedded/DevSecops

Key Responsibilities
•    Conduct vulnerability assessments, coordinate penetration testing activities, and perform risk analysis.
•    Support secure system architecture reviews and threat modeling initiatives.
•    Enforce organizational security policies, standards, and procedures.
•    Investigate security incidents and lead root cause analysis along with remediation actions.
•    Ensure alignment with relevant standards such as IEC 62443, EN18031, and ISO 27001.
•    Support cybersecurity compliance initiatives including IEC 62443, EU CRA, ISO 27001, and NIST frameworks.
•    Maintain security documentation, playbooks, and incident response plans.
•    Ensure secure design principles are applied, including least privilege, defense in depth, and secure defaults.
•    Validate secure implementation of requirements and mitigation strategies.
•    Perform security testing on firmware releases from development teams.
•    Apply Static Code Analysis techniques to identify security vulnerabilities in code.
•    Conduct Software Composition Analysis to support software supply chain security.
•    Participate in unit testing and secure code reviews.
•    Continuously improve security practices by staying informed on emerging threats, tools, and industry practices.
•    Collaborate with DevOps and engineering teams to integrate security practices within CI/CD pipelines.
Required Qualifications
•    Minimum 5 years of experience in industrial cybersecurity or IT/OT security environments.
•    Engineering degree or equivalent experience in Software Engineering, Computer Science, or Cybersecurity.
•    Strong programming skills in C and C++.
•    Solid understanding of encryption algorithms, key management, and secure protocols such as TLS and SSH.
•    Knowledge of common software vulnerabilities including OWASP Top 10 and CWE/SANS Top 25.
•    Familiarity with Linux, Windows, RTOS environments, and network protocols such as TCP/IP, DNS, and HTTPS.
•    Understanding of industrial communication protocols including Serial, Modbus, and HART.
•    Familiarity with cybersecurity frameworks and standards such as IEC 62443, ISO 27001, NIST, and OWASP.
•    Self-motivated with the ability to work effectively in a collaborative team environment.
•    Experience working with Software Bill of Materials (SBOM).
Preferred Qualifications
•    Experience implementing DevSecOps practices within software development lifecycles.
•    Hands-on experience with Azure DevOps or similar CI/CD platforms.