Associate Principal Security Architect – Product Security

• Ensuring that Dyson’s products and the ecosystems they connect to are secure. 

• Assisting in the strategy, architecture and governance of Dyson’s connected consumer / IoT devices at all project stages; from setting security requirements, defining product security guidelines and principles, through to evaluating risk and overseeing assurance activities. 

• Set the direction for our engineering teams to deliver against, capturing and articulating cyber security risk, and providing consultancy services to our stakeholders in product development. 

• Planning, researching, designing and building robust security architectures for new projects. 

• Improving efficiency, automation and performance of security, reducing cost of ownership and driving quality, security and speed. 

• Engaging with new business initiatives – delivering secure, supportable solutions. 

• Providing security risk assessment and recommendations throughout delivery lifecycle - producing designs, defining patterns and engaging with delivery (Waterfall, Agile and DevSecOps).  

Qualifications and Experience 

You’ll have a solid background in product development or security architecture of IOT/OT platforms, including engineering of core, best-in-class secure products.    

• Background in hardware or embedded software. 

• Good understanding of security techniques for securing devices and communications with them, such as authentication, encryption, integrity checking and establishing a root of trust. 

• Current industry best practice and guidance for securing IoT devices. 

• Real Time Operating Systems. 

• Microprocessor and Microcontroller architectures and their security features. 

• System-on-Chip devices (e.g. Bluetooth/WiFi) and their associated software stacks. 

• Secure Software Download. 

• Threat Modelling. 

• Security Risk Assessment.

• Ability to quickly learn new technologies and architectures and identify potential security weaknesses. 

• Security Requirements for standalone and connected products. 

Knowledge across several security and engineering topics, ideally:  

• Embedded Software Languages and Software Development Lifecycle. 

• Knowledge of common attack vectors and how to minimise the threats they pose. 

• Keeping abreast of product security advisories, alerts, security trends and practices. 

• Identification and remediation of vulnerabilities in Open Source Software. 

• Ability to rapidly learn deeply technical subjects related to product security, and an ability to keep abreast of security impacts to fast moving industries, such as the consumer electronic device industry. 

• Mobile phone platform architecture (IOS and Android) and the security features they offer. 

• Cloud architecture and security. 

• Penetration Testing. 

• Tools used to identify software vulnerabilities (e.g. Static Analysis, DAST tools). 

• Security testing and assurance. 

• Secure Software Development Frameworks