Cyber Security Design Engineer

• Own the effort to assess and define the cyber security design requirements for border protection and transportation security products. Perform this work from within a standardized security framework.
• Analyze, report on and assist in management of security-related risks, including reporting on outcomes and proposing further security improvements.
• Help with the constant process of educating product design staff and organization stakeholders on cyber security and how it affects the product design and support efforts
• Own the process of defining innovative solutions to secure and support networked products that are used in highly diverse settings over long install periods.
• Participate in and assist with development or product test protocols. These protocols should allow for efficient assessment of product vulnerabilities and include work with engineering and provide recommendations of remediation alternatives.
• Work with product engineering teams to help them understand cyber security test results and identify remediation techniques that could be employed to address the findings
• Lead efforts to assess the vulnerability of products to new and emergent threats. Efforts must identify root cause and identify remediation strategies as needed. Work to develop communications from those assessments that will inform internal engineering, service and external customers.
• Proactively support use of standardized processes. Prepare and document standard operating procedures and protocols to help ensure the security of our products as they are designed, developed, supported, and used.
• Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork
• Demonstrate behavior consistent with the company’s Code of Ethics and Conduct
• It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem
• Duties may be modified or assigned at any time to meet the needs of the business.

• 3 years of work experience in information technology with a focus in security.
• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field
• Experience in supporting product design efforts and leading cyber security design efforts that are based on holistic industry security standards
• Familiarity with security standards and frameworks including NIST 800-53, NIST CSF, NIST 800-171, IEC 62443, and/or ISO 27001.
• Demonstrated experience leading efforts to define and capture the architectural and technical product design specifications at the network, as well as application, and database/data store level of the product and the business eco system it operates within.
• Experience performing vulnerability testing of systems and software
• Experience performing Threat, Exploit, and Vulnerability analysis of products and systems
• Knowledge and experience with industrial systems and Internet of Things (IoT) is desirable
• Detailed technical knowledge of operating system and network security in physical, virtual and cloud-based (AWS) implementations is required.
• Hands-on experience in security systems, including endpoint security, vulnerability management, network security technologies such as firewalls and IDS/IPS, wireless network security, authentication systems, log management, and encryption.
• Experience with application and database security design is desirable.
• Experience with governance and risk management for vulnerabilities identified during cyber security testing operations is expected.
• Proven ability to lead a project from start to finish from the technical side.
• Experience writing engineering design specifications.
• Capability to clearly communicate information security concepts and risks
• Good verbal and written communication skills in English.
• Demonstrated ability to work as part of a team.
• Able to reliably complete assignments with limited supervision, and to help lead the actions of others to accomplish complex or extended work assignments.
• Cybersecurity certifications such as Security , CISSP, CCNA Security, or GIAC are desirable
• Experience working in a global environment across multiple time zones.
• May involve some international travel
• Must be capable of passing security background clearance investigation

NOTICE TO THIRD PARTY AGENCIES

OSI Systems, Inc. and its subsidiaries (collectively “OSI”) does not accept unsolicited resumes from recruiters or employment agencies. If any person or entity, including a recruiter or agency, submits any information, including any resume or information regarding any potential candidate, without a signed agreement in place with OSI, OSI explicitly reserves the right to use such information, and pursue and/or hire such candidates, without any financial obligation to the person, recruiter or agency. Any unsolicited information or resumes, including those submitted directly to hiring managers, are considered and deemed to be the property of OSI.