Associate Principal Security Architect – Product Security
India - Bengaluru IT Capability Centre
Our Cyber Security Team
It’s no secret that our intellectual property is critical to our success. In order to secure our ideas and designs, our customer and employee personal data, and to protect operations from cyber-crime, Dyson’s global Cyber Security and IT Risk group works effectively to keep our secrets secret and secure our crown jewels, using advanced technologies to stay one step ahead of the game.
We have a continuous focus on transforming and managing all aspects of security - including architecture, engineering, technology risk management, cyber operations, end user security and project delivery. We invest heavily in new security capabilities (technology, processes and people) and leverage our strong cyber ecosystems to tackle future threats.
Product Design, Manufacturing, Supply Chain, eCommerce and Enterprise IT Systems are at the beating heart of Dyson’s cyber defence priorities. We play a key role in ensuring the successful design and delivery of exciting new business and security projects, and that our controls and security platforms remain effective and compliant. Furthermore, our cyber operations capabilities are delivered on a global 24x7 basis from our strategic locations across the US, UK / Europe, India, Singapore and China.
As Dyson products become ever more complex, deploy new technologies and innovative architectures, and connect to more complex ecosystems, they face an ever-evolving cyber risk landscape, with a need for continual review and vigilance to address emerging new threats.
The Security Architecture and Engineering team plays a key role, with responsibility for the design and engineering of our core enterprise and Operational Technology cyber protection technologies – along with the actual design of the security elements of business and IT projects. We also play a critical role in assuring the security and compliance of all Dyson’s existing and new products.
Alongside technical expertise in the relevant areas of Security Architecture, the role requires strong business partnering and relationship building skills. It involves working closely with project teams in business areas to develop practical solutions to mitigate business risks. There’s ample scope to share and build on existing technical expertise, and we invest heavily in the development and training of our team.
We're committed to our campus culture and don’t look to offer a regular hybrid working arrangement. This helps us to achieve the spirit of Dyson – collaboration, creativity, and inventiveness – in our inspiring, social, and dynamic workspaces.
About the role
Ensuring that Dyson’s products and the ecosystems they connect to are secure.
Assisting in the strategy, architecture and governance of Dyson’s connected consumer / IoT devices at all project stages; from setting security requirements, defining product security guidelines and principles, through to evaluating risk and overseeing assurance activities.
Set the direction for our engineering teams to deliver against, capturing and articulating cyber security risk, and providing consultancy services to our stakeholders in product development.
Planning, researching, designing and building robust security architectures for new projects.
Improving efficiency, automation and performance of security, reducing cost of ownership and driving quality, security and speed.
Engaging with new business initiatives – delivering secure, supportable solutions.
Providing security risk assessment and recommendations throughout delivery lifecycle - producing designs, defining patterns and engaging with delivery (Waterfall, Agile and DevSecOps).
Qualifications and Experience
You’ll have a solid background in product development or security architecture of IOT/OT platforms, including engineering of core, best-in-class secure products.
Background in hardware or embedded software.
Good understanding of security techniques for securing devices and communications with them, such as authentication, encryption, integrity checking and establishing a root of trust.
Current industry best practice and guidance for securing IoT devices.
Real Time Operating Systems.
Microprocessor and Microcontroller architectures and their security features.
System-on-Chip devices (e.g. Bluetooth/WiFi) and their associated software stacks.
Secure Software Download.
Security Risk Assessment.
Ability to quickly learn new technologies and architectures and identify potential security weaknesses.
Security Requirements for standalone and connected products.
Knowledge across several security and engineering topics, ideally:
Embedded Software Languages and Software Development Lifecycle.
Knowledge of common attack vectors and how to minimise the threats they pose.
Keeping abreast of product security advisories, alerts, security trends and practices.
Identification and remediation of vulnerabilities in Open Source Software.
Ability to rapidly learn deeply technical subjects related to product security, and an ability to keep abreast of security impacts to fast moving industries, such as the consumer electronic device industry.
Mobile phone platform architecture (IOS and Android) and the security features they offer.
Cloud architecture and security.
Tools used to identify software vulnerabilities (e.g. Static Analysis, DAST tools).
Security testing and assurance.
Secure Software Development Frameworks
Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other any other dimension of diversity.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Android Automation Cloud Compliance DAST DevSecOps E-commerce Ecommerce Encryption Governance iOS Open Source Pentesting Product security Risk assessment Risk management SDLC Strategy Vulnerabilities
Perks/benefits: Team events
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open SOC Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Chief Information Security Officer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Staff Security Engineer jobs
- Open Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Security Operations Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Security Architect jobs
- Open o365 Security Architect jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open CISA-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open DoD-related jobs