Product Security Leader - Applied Water Systems (AWS)
1) The tissue in plants that brings water upward from the roots;
2) a leading global water technology company.
Xylem is the leading global provider of efficient and sustainable water technologies and our international team is unified in a common purpose: creating advanced technology and other trusted solutions to solve the world’s water challenges.
We are committed to social responsibility and corporate citizenship through our Xylem Watermark program, where colleagues volunteer their time and talent to provide and protect safe water resources for communities around the world, deliver disaster response, educate children, and raise global awareness about critical water issues. Innovation, diversity and inclusion are also key to our culture.
Our products and services move, treat, analyze, monitor and return water to the environment, in public utility, industrial, residential and commercial building services settings. We develop and provide technologies that improve the way water is used, managed, conserved and re-used. Xylem also provides a leading portfolio of smart metering, network technologies and advanced analytics solutions for water, electric and gas utilities.
If you are excited and passionate about helping us #letssolvewater, we want to hear from you! For more information, please visit us at www.xylem.com
The Role: As the leader of Product Security in Applied Water Systems, the Product Security Leader is responsible for the implementation and execution of security programs and practices to support a growing, global water technology company. This position will work across product, software, and firmware development teams to identify component and system level technical risks and evaluate critical failure points, determine technical security controls to mitigate risks, and work with cross functional teams to implement features according to product road maps.
You will lead product security strategy, security standards implementation, and security consulting activities for the Applied Water Systems product portfolio including building management systems, connected pumps, controllers, RTUs, fire and life safety systems, and cloud-based asset performance management systems. Your passion for security and in-depth knowledge of Product Security will ensure that you deliver high impact results.
Essential Duties/Principal Responsibilities:
- Work with the product, devops, and systems teams to identify the right security architecture for implementing new solutions, products and modules. Develop, implement and maintain product security strategy for the entire business unit product portfolio covering IoT and smart-device suites
- Know the Applied Water Systems product portfolio in depth and understand the key risks presented to systems from a variety of factors across availability, integrity, and confidentiality
- Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, software solutions, and cloud hosting
- Lead a team of experts to provide comprehensive support for security activities across the entire Applied Water Systems install base and R&D product roadmaps
- Engage in application and domain-specific risk/threat modeling and attack surface analysis and reduction
- Provide guidance and leadership on best practices regarding security in software and firmware development
- Champion the Xylem security Systems Development Lifecycle, including security testing and risk management of vulnerabilities in software/hardware on all Transport products
- Manage the implementation of common security controls
- Provide training and education to engineering teams on security best practices
- Support commercial teams by building customer trust in the security of Xylem products
- Expert level operational support for security escalations from customers
- External: Cybersecurity suppliers, industry peers, customers
- Internal: Product Managers, Engineering; Research & Development; DevOps, Developers
Qualifications: Education, Experience, Skills, Abilities, License/Certification:
- 5+ years of experience in industrial products
- Demonstrated expertise in product architecture and risk management
- Experience with risk management methodologies
- In-depth experience identifying and protecting against risks to industrial products from a security, safety, or quality perspective
- Demonstrated experience with implementing a sustainable product-related program with accompanying results
- Meaningful understanding of how security fits into product development cycles
- Knowledge of secure infrastructure architectures, application architectures, encryption, Cloud Security and broader security technologies.
- Knowledge of IoT network technologies (such as Bluetooth/BLE, WLAN, Z-Wave, Zigbee, identity/auth security)
Additional preferences for a specific position.
- Demonstrated experience in managing risk within industrial products
- Relevant cyber security certifications
- Graduate degree in a technical discipline
- Experience in software development
- Experience with cloud IaaS security operations
- Experience with wireless technologies such as CDMA, E-HRPD, GSM, UMTS, TDS-CDMA, LTE-FDD / LTE-TDD, and 5G
- Experience with Android RIL, Telephony, C and Embedded RTOS.
Standard weekly job hours: Monday through Friday, normal business hours (40)
Travel requirement: Approximately 15% (domestic and international)
Xylem is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.