Senior Engineer I, Cybersecurity Testing and Audit

Lead, Cybersecurity Penetration Tester

Context

Schneider Digital is the global IT organization within Schneider Electric.

We have, within our Cybersecurity function, an objective to assess the security of our systems, to identify security risks before those materialize.

Technical assurance, by means of security testing of the actual system, is crucial so we identify application related issues that need to be addressed.

This role is part of our DE Penetration Testing unit and will focus on performing penetration testing of those systems, and providing clear guidance as to how to address weaknesses identified.

The role holder will be working in collaboration with the applications security and compliance regional managers and other IT specialists, to train in Schneider Electric security policies, processes, and tools.

Responsibilities

The Lead Cybersecurity Penetration Tester will work with project teams to ensure applications meet our security policies.


* Understand project deliverables and application details


* Run automated and manual security checks (not limited to tools) to uncover security weaknesses in the system


* Propose mitigation steps for identified risks and threats


* Provide clear recommendations from a security perspective based on understanding of application, application risk and business context, and results of checks performed.


* Work alongside the cybersecurity community and application teams.


* Explore process, reporting and improvement in techniques


* Ability to collaborate with other penetration teams to align knowledge, tools and techniques

Behaviors and Competencies


* Strong written and verbal communication skills, with a proven ability to communicate with technical staff, as well as project teams, so security risks are understood in business terms


* Keep pace with standards and technologies related to security


* Leadership / Act like owners


* Collaboration / Teamwork


* Requirements Gathering and Analysis


* Interpersonal Skills, proactiveness


* Willing to learn new skills / Learn Every day and desire to succeed and grow

Skills


* Security - Web, Mobile, API, Cloud and container security, Thick Client, Network, Operating System


* Applications Development & Delivery


* Understanding or experience of any of the following is an advantage:
+ Cloud Security Assessment and Security Audits of Cloud Environment
+ Vulnerability Management (Process, Tools and Metrics)
+ NIST Cybersecurity Framework
+ Critical Security Controls (CSC)


* Expertise in DevSecOps methodologies is also an advantage.

Knowledge


* Pentest standards and methodologies, OWASP, SANS etc.


* Subject matter expert in web/mobile/thick client/API/IoT/IIoT assessments


* Good understanding of server vulnerabilities (Linux, Windows) and hardening


* Familiarity with cloud platforms, and cloud container security


* ...