Freelance Embedded Engineering Cybersecurity Consultant

Our client, a Leading Global Specialist in Energy Management and Automation, is seeking an experiencedEmbedded Engineering Cybersecurity Analystfor their runtime team in the industrial automation. The runtime team is an integral part of EcoStruxure Automation Expert. This position is focused onCybersecurity aspects of architecture, design, implementation, and maintenance of runtime codebase.Roles & Responsibilities: Work with the runtime Cybersecurity Advisor/Coach to ensure eachrelease of the runtime SDK is developed according to Secure Development Lifecycle (SDL) , to meet internal and external cybersecurity standards, regulatory compliance, and the needs of customers. Provide cybersecurity expertise through guidance in architecting, designing and threat model mentoring to members during development cycle.Performcybersecurity code review for pull requestsas part of the SDL process. Evaluation, tracking, and resolution of product and runtime cybersecurity issuesandrelated technical debt in 3rd party packages, reported both internally and from external sources, such as: Cybersecurity vulnerabilities (CVEs) OS/package patches: Debian GNU/Linux, VxWorks Commercial/FOSS packages: Mongoose, UA-HPSDK, OpenSSL ,mbedTLS, fmt, libyuarel, Frozen, optionparser, zlib, among others. Management and use of tools for static and dynamic code analysis(Coverity, SQuORE, Halgrind, Valgrind, CppCheck) andSoftware Composition Analysis(Black Duck Binary Analysis, Black Duck Hub) in 3rd party packages and current code base with maintaining the mentioned: Address false-positive findings, evaluate and triage bugs, resolving or assigning to an SME as appropriate. Evaluate BDBA/BDH findings and work with the runtime teams to resolve. Ensure qualimetry data for all significant branches(master branch, release branches, component branches) is current and accessible for use by management with keen attention on the mentioned: Setup to support new releases as needed Regular/scheduled and on-demand scans to timely detect abnormalities. Monitor the changes and notify if trending is upward Create and update formal report on branchesSkills Required Engineering degree (BS in Electrical, Computer Science, Robotics, or related discipline) 8 - 12 years’ experience of code developmentformultitask embedded system running in Linux, VxWorks/RTOS, and windows. Seasoned programming skills with object-oriented design (C/C++) and scripting languages (Python, Bash, Shell, PowerShell) Knowledge of cybersecurity issues common to C/C++. Knowledge of Common Vulnerabilities and Exposures. Knowledge of IEC 62443-4-2. Familiarity with Open-source software (OSS), Git, GitHub, Debian GNU/Linux, Ubuntu. Familiarity with Software Composition Analysis (SCA), Static Code Analysis and Static Application Security Testing (SAST), Fuzz testing Demonstrate ability to work with cross functional and global teams, and the ability to align and bring best in class processes, coding standards. The Ideal consultant should be able to work with members in India, Europe and U.S. EST time zone.

Apply Now