We are looking for an IoT/IIoT cybersecurity engineer, in a hybrid home and laboratory position, headquartered in the UK to strengthen our IOT cybersecurity team. Your primary objective will be to deliver cybersecurity assessment and certification evaluation of products and components. Examples of the tasks, include, but are not limited to; assessment to latest cybersecurity standards, penetration testing (IoT and WebApp), threat modelling, firmware investigation, code analysis etc.
This service will be provided to external clients, who will predominantly be manufacturers of wired and wireless IoT/IIoT devices. You will be part of a dynamic, professional global team whose core values include operating with integrity, being solutions orientated and being committed to building and sustaining long-term relationships with our customers.
You will regularly engage with customers and attend to customer requirements and, using your technical expertise, you will contribute to the development and scaling of a robust product certification framework. Your role will include testing products as well as contributing to the development of an evolving and dynamic cyber assessment service.
The opportunity offers a competitive salary package and a modern working environment with a subsidised on-site restaurant and gym and support in finding local accommodation if required.
Main Duties & Responsibilities:
* Perform assessments to the latest cybersecurity regulations, standards and guidelines
* Perform security reviews and testing of IOT hardware devices, including application design, embedded software, web applications, web services and mobile applications to bespoke test programs and the latest regulatory cybersecurity requirements
* Hardware penetration testing
* Skilled in the use of the appropriate software tools used in assessments and penetration
* Engage with customers, understand their products and assessment requirements, and define bespoke test programs based upon our customer needs
* Actively contribute to the development of the TUV SUD security program with a focus on IIoT/IoT devices.
* Participate and contribute on global cybersecurity regulatory standards committees
* Provide training to customers on the interpretation of regulatory standards and best practice
* Fluent written and spoken English (other language skills would be desirable).
Essential Criteria:
* Relevant Cybersecurity qualification, preferably a cybersecurity degree (BSc/MSc/PhD) or equivalent cybersecurity qualification
* Experience in a penetration testing (SW/HW) or similar offensive security
* A commitment to customer service excellence.
* Strong analytical skills and efficient problem solving.
* Ability to work unsupervised, under pressure and meet deadlines.
* Creative with strong commitment to quality and excellence.
Desirable Criteria:
* Assessment experience to EN (Apply online only), EN 18031-x series of standards, NIST 8259, NIST CSF, etc
* Additional cybersecurity credentials such as OWASP, OSCP, CISSP etc
* Knowledge of security architecture design and applying regulatory guidance on cybersecurity assessment methodologies for risk management.
* Practical knowledge with the development and implementation of electronic, network, or data security related controls (encryption, digital signatures, secure boot, access control, password management).
* Understanding how to implement security activities such as vulnerability and patch management, threat intelligence etc.
* Hands-on practical knowledge with reverse engineering and/or vulnerability testing tools and techniques.
* Experience in common scripting languages such as Python, Ruby, LUA, Powershell or BASH and at least one development language e.g. Java, C, C# or similar would benefit the role.
* Experience in product development and testing.
Further Information:
TÜV SÜD in the UK offers a competitive salary and benefits package that includes a minimum of 33 days holiday entitlement (for full-time employees, including public holidays), a contributory Group Personal Pension Plan and a non-contributory Group Life Assurance Scheme. We also offer various Salary Exchange/Sacrifice schemes (buying/selling holiday, cycle to work scheme, pensions), incentive schemes and comprehensive wellbeing support (Employee Assistance Programme, Dental Scheme and Occupational Health services). Dependent on their role, employees may also be eligible for hybrid/permanent home-working, a Company Car/Car Allowance and Private Medical Insurance