Product Security Engineer
1) The tissue in plants that brings water upward from the roots;
2) a leading global water technology company.
Xylem, a leading global water technology company dedicated to solving the world’s most challenging water issues, is the leading global provider of efficient, innovative and sustainable water technologies improving the way water is used, managed, conserved and re-used. Our international team is unified in a common purpose: creating advanced technology and other trusted solutions to solve the world’s water challenges. We are committed to creating an organization of inclusion and diversity, where everyone feels involved, respected, valued and connected, and where everyone is free to bring their authentic selves and ideas.
If you are excited and passionate about helping us #letssolvewater, we want to hear from you! For more information, please visit us at www.xylem.com.
We Offer You More Than Just “A Job”
- Professional Development – To advance the capabilities of our people, we offer a wide variety of experiences to support our employees’ professional growth and continuous learning.
- Total Rewards – We offer comprehensive programs for compensation, benefits, recognition, learning and development, work-life integration and corporate citizenship.
- Watermark – Watermark is our corporate social responsibility program working to provide education and access to safe water to ensure healthy lives, gender equality, and resilient communities. Employees have the opportunity to learn and volunteer on various water-related projects.
- Employee Networks – Our Employee Networks provide a professional, supportive network for employees from diverse backgrounds, including Women’s, LGBT+ and Allies, Veteran’s, People of Color and Allies, Emerging Leaders, and Working Parents Networks.
The Role: As member of Xylem’s Product Security team, the Security Engineer is responsible for the implementation and execution of security programs and practices to support a growing, global water technology company. This position will work across software and firmware development teams to identify component and system level technical risks and evaluate critical failure points, determine technical security controls to mitigate risks, and work with cross functional teams to implement features according to product road maps.
You will lead security standards implementation, penetration testing and PSIRT programs of for our entire product portfolio. Your passion for security and in-depth knowledge of Product Security will ensure that you deliver high impact results.
Essential Duties/Principal Responsibilities:
- Work with the business, devops and systems teams to identify the right architecture for implementing new solutions, products and modules. Develop, implement and maintain product security strategy for the entire product portfolio covering IoT and, Smart-device suites
- Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, enterprise software solutions, and mobile apps
- Engage in application and domain-specific threat modeling and attack surface analysis and reduction
- Provide guidance and leadership on best practices regarding security in software and firmware development
- Contribute to the development and evolution of the application and infrastructure security reference architecture. Develop, implement and maintain the security architecture for Xylem product portfolio
- Champion the Xylem security SDLC. This includes security testing, penetration testing, and identifying and fixing vulnerabilities in software and applications on all Xylem products.
- Implement or manage the implementation of common application security controls
- Assist other developers in remediating vulnerability findings by providing line-by-line guidance.
- Provide training and education to developers on software security best practices.
- Expert level operational support for security escalations from customers
Minimum Qualifications: Education, Experience, Skills, Abilities, License/Certification:
- BS in Computer Science or equivalent with 5-years of experience
- Demonstrated expertise in product/application security architecture, Network security, application security, web services
- Experience with SAST, DAST, SCA and penetration testing tools
- In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 IoT Top 10 and CWE Top 25
- Meaningful experience in multiple programming languages
- Solid knowledge of the browser security model, crypto, and network security. Attacker mindset: Real passion for breaking all the things unbreakable.
- Knowledge of secure infrastructure architectures, application architectures, encryption, Cloud Security and broader security technologies.
- Strong operating systems knowledge Windows (all flavors), Debian Linux
- IoT network technologies (such as Bluetooth/BLE, WLAN, Z-Wave, Zigbee, identity/auth security)
- Experience with wireless technologies such as CDMA, E-HRPD, GSM, UMTS, TDS-CDMA, LTE-FDD / LTE-TDD, and 5Gexperience with Android RIL, Telephony, C and Embedded RTOS.
- Scripting knowledge Linux scripting (bash), Windows scripting, Python or Perl
- Relevant cyber security certifications
- Scripting skills (i.e.: Ruby, Python, Perl, shell scripts)
- Experience in software development
- Experience with cloud IaaS security operations
- Valuable: Preferred: forensic analysis skills
- Valuable: Blockchain experience
(The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
- Regularly required to sit or stand, reach, bend and move about the facility
(The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
- Office: Standard office equipment; work usually performed in an office setting free from any disagreeable elements.
- Standard weekly job hours: 40 hours
- Approximately 15% (domestic and international)
Xylem is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.