Product Security Specialist (on-site)

In this new role you will have a direct impact on establishing and managing the Secure Product Development Lifecycle (SDL) process to ensure that products developed by Yaskawa America meet the highest security standards furthering our product reputation.

Oversee controls implementation, vulnerability reports, third-party assessment and product teams training to ensure SDL best practices,.

Evaluate and assess developer competency in following secure development processes, influence managers to update development process implementations to match SDL requirements, evaluate the effectiveness of product vulnerability tests and create security vulnerability reports to be shared with other Yaskawa business units.

Work cross-functionally and with external security experts to create and manage Yaskawa security process and policies.

DESCRIPTION OF DUTIES:


* Create and maintain an SDL process for Yaskawa America product development teams; ensuring compliance with new and evolving compliance requirements.


* Coordinate with outside certification organizations to obtain and maintain compliance to SDL certifications.


* Collaborate on security development activities between the Yaskawa business units and stakeholders.


* Create, track and present security metrics and recommendations to senior management.


* Lead due diligence and threat modeling policies and procedures.


* Consult and influence development team managers on best practices and the proper implementation of the SDL for their development projects.


* Train security test engineers in threat modeling, risk assessment, vulnerability management, and penetration testing.


* Provide training to and complete competency evaluations of Yaskawa associates that are using the SDL.


* Approve or deny the use of third-party components used in products and for product development.


* Review and produce product security vulnerability reports and coordinate the vulnerability handling process.


* Evaluate and approve security test plans.


* Keep up to date with security threats and trends.


* Organize the Product Security Incident Response Team (PSIRT) in Yaskawa America.


* Assist with Cyber Security assessments required by YAI customers.

QUALIFICATIONS:


* B.S.

or M.S.

from an established University in Software Development, Computer Science, Information Security, Engineering or related field.


* 3-5 years experience in software security, application security or product security.


* Preferred expertise in industrial control systems security standards, especially IEC 62443.


* Experienced in development of process standards, secure coding practices, vulnerability management and risk assessment.


* Prior experience in assessing security competencies and providing training on security processes and threat modeling ideal.


* Having worked cross-functionally and/or globally to identify new and diverse best practices in an ever-changing...