Product Security Architect

Engineering Lausanne, Switzerland


Description

Position at Logitech

The Role:

Logitech is transforming into a connected company, where devices and cloud services work hand in hand to create new user experiences. Continuously enhancing its product development process, Logitech is developing its capabilities in Product Security by Design with the creation of a Product Security practice reporting into the CTO Office.

Reporting to the appointed Chief Product Security Architect, you will be the primary technical expert on the team leading the development and adoption of a Product Security practice across the company and its many R&D locations WW (travel 10%). As Product Security Architect, you will have visibility across and influence over product development in all R&D groups supporting Logitech’s rich and diverse portfolio of products. As guardian of compliance with product security standards, you will have direct access to the Executive Team in order to inform the business decision-making process. You will partner with IT InfoSec (responsible for cybersecurity) and Operations (responsible for PLC and NPI processes) teams in establishing common processes and tool chains. Finally, your expertise must span all aspects of complex consumer-facing solutions combining wired and wireless hardware, embedded software, hosted and mobile applications, as well as web and data services.

Your Contribution:

Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. These are the behaviours you’ll need for success at Logitech. In this role you will be responsible for:

  • defining, training and enforcing secure solutions design guidelines and patterns for consumer-facing products, host and mobile applications, and cloud services.

  • defining, deploying, training and managing development and test processes and tools in support of established design guidelines.

  • conducting threat model analysis, penetration testing, code analysis or other security validation of specific projects.

  • the continuous education and certification of the relevant R&D workforce.

  • assessing compliance of consumer-facing solutions with internal secure design guidelines and standards, escalating non-compliance to the adequate authorities.

In this role you will contribute to:

  • product development by advising development teams on architecture design, technology selection and validation strategy.

  • product security validation through design reviews, security assessment and test reviews.

  • the definition, internal follow-up and external communication of community-based security test campaigns such as bug bounty programs.

  • the selection and validation of external test partners in collaboration with IT.

  • the management of external partners on specific test engagements.

Key Qualifications:

For consideration, you must bring the following minimum skills and behaviours to our team:

  • 10+ years of relevant work experience in the design, development and validation of secure consumer-facing products, applications and services
  • Proven track record of leadership experience  in a product security or relevant technology role 

Desired Skills

Proficiency in:

  • secure development lifecycle (software, embedded software and firmware).

  • Threat modelling frameworks and tools such as STRIDE, OWASP, Irius, etc.

  • Security testing and tracking platforms such HackerOne, CheckMarx, CodeDX, etc.

Experienced in:

  • Common web languages, protocols and formats incl. SSL, JSON, HTML, JavaScript, OAuth, etc..

  • Common embedded languages, frameworks, protocols, incl. C/C++, Linux, Android, FreeRTOS, USB, Bluetooth, Wifi, etc.

  • At least one of the Cloud services (AWS, Google Cloud, Azure).

  • CI/CD, DevOPS and DevSecOPS practices.

  • GDPR and other relevant privacy regulations.

  • Platform Security Architecture and relevant security standards.

Demonstrated track record in:

  • Pragmatic attitude and ability to provide informed and balanced guidance on security for the sake of the business.

  • Assessing and anticipating business needs, and in delivering business-relevant results.

  • Effective collaboration with teams of software developers, embedded systems engineers, InfoSec engineers, etc.

  • Strong problem solving skills.

  • Ability to interact with a broad cross-section of technical and non-technical personnel to promote and enforce security measures.

  • English both verbal and written fluency.

Education & Certifications:

  • MsC degree in Computer Science or a related technical field or equivalent practical experience.

  • ISC2 certification (CISSP, CSSLP and/or CCSP) or equivalent would be a strong advantage.

Logitech is the sweet spot for people who are passionate about products, making a mark, and having fun doing it. As a company, we’re small and flexible enough for every person to take initiative and make things happen. But we’re big enough in our portfolio, and reach, for those actions to have a global impact. That’s a pretty sweet spot to be in and we’re always striving to keep it that way.

 “All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.”

 #LI-DP1