Senior Specialist I - Product Security & Privacy

Job Title

Job Description

This role, embedded in to product development life cycle will ensure- Secured by Design, Privacy by Design and Threat modelling aspects are carried out as part of Secured Software Development Life Cycle. 

Individuals in this role will engage with Architects, Technical leads and R&D Engineering & Development teams to ensure the security and privacy considerations are considered well in advance during the product development cycle. They will review the High-level design, Low-level design and System specification documentation for security consideration and sign them off before the development happens.

They also collaborate with architects to arrive at appropriate security solutions balancing the security risks and the business impact.

Specific job responsibilities include:

• Assist Philips business units in the development and implementation of product security and Privacy practices including policies, standards, guidelines, and procedures.
• Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
• Conduct security and privacy reviews to determine compliance.
• Guide the business unit in their management of the resolution of security audit or review findings.
• Provide security risk management and security advice as well as advice on strategic direction relating to product and information security.
• Work with deployment/operations information security officer to proactively and cooperatively communicate and mitigate risks.
• Assist with security incidents and review risk and impact of breaches to protected systems.
• Participate in architecture and design of services providing information and product security advice.
• Review proposed services, engineering changes, and feature requests for security implications and needed security controls.

Technical skills and experience:

• 5 - 14 years of security experience including responsibility for the security of a software application and IT infrastructure including defining product security roadmap
• Required Skills & Experience:
• Application Security Expertise: Strong knowledge of security domains across all phases of Secure SDLC, including API security and microservices security.
• Risk & Threat Management: Experience in risk assessment, threat modelling & & Secure Architecture
• Identity & Access Management (IAM): Hands-on experience in designing access management architectures using OAuth 2.0, OIDC, SAML 2.0, and XACML authorization policies.
• Cryptography & Certificate Management: Strong knowledge of symmetric and asymmetric cryptography, PKI, TLS, and certificate management.
• Cloud Security & Virtualization: Hands-on experience with AWS, Azure, and familiarity with virtual machines, Docker, and Kubernetes.
• Familiarity with OWASP Top 10, SANS security vulnerabilities, and open-source vulnerability handling.
• Programming & Scripting: Proficiency in Java/JavaScript, Bash scripting, Python.
• Multi-Tenancy Architecture: Understanding of multi-tenant security architecture.

Education

• Bachelor  degree in technical stream required ( BE, ME, MS, MCA)

• Degree or concentration in Computer Science, Information Systems, Information Security or similar preferred.

Ideal candidate will have one of the following certifications

• Security- CISSP, CISM, SABSA, CEH
• Privacy - CIPP, CIPM, CIPT

#LI-PHILIN