Tech Lead for Product Security Testing driving security verification and validation in embedded industrial products. Leading advanced security testing, including penetration testing and fuzzing, in compliance with IEC 62443 standards.
Responsibilities
Act as technical lead for product security testing across embedded industrial product lines.
Define and drive end-to-end security test strategy, scope, and depth based on threat models and risk.
Validate implementation of security controls (secure boot, firmware integrity, authentication, encryption, and secure update) through testing and evidence.
Lead advanced security testing activities:
Penetration testing
Fuzzing and protocol robustness testing
Vulnerability assessment and fix validation
Establish and govern security test metrics, KPIs, and quality gates aligned with IEC 62443-4-1 / 4-2.
Architect and standardize security test automation frameworks and reusable tooling.
Review and approve security test plans, automation scripts, and test evidence.
Lead security incident testing and post-fix validation.
Provide hands-on technical mentoring to security test engineers.
Partner with firmware, architecture, and product security teams to ensure testability and risk coverage.
Requirements
Bachelor’s or master’s degree in Electronics, Instrumentation, or related field
10–12 years of experience in embedded systems verification and validation
10–12 years of experience in Product Security Testing for industrial or OT products
Proven experience leading security testing efforts across multiple products or releases
Strong expertise in embedded firmware and hardware security testing
Advanced penetration testing and threat-based testing for industrial/OT products
Hands-on experience with fuzzing and protocol robustness testing (AFL, libFuzzer, Peach or similar)
Strong working knowledge of IEC 62443 (4-1 / 4-2) from a testing and compliance evidence perspective
Experience testing industrial communication protocols (HART, Modbus, Fieldbus, Ethernet/IP, PROFINET)
Python scripting for security test automation and tooling
Experience leading and mentoring security test engineers
Cyber Security Engineer II safeguarding systems at MSK, involved with complex technologies in cancer care security. Lead threat investigations and apply technical knowledge for security improvements.
Principal Security Engineer working on network security lifecycle and threat management for Verizon’s 4G/5G Cloud Networks. Collaborating with multiple teams to enhance cybersecurity posture.
Cybersecurity Engineer at Verizon responsible for security lifecycle and effectiveness across networks. Leading incident response and vulnerability management in a hybrid work role.
Director of Security and Compliance safeguarding digital assets and data with a focus on cybersecurity and compliance. Leading risk management, stakeholder engagement, and team leadership initiatives.
Information Security Risk & Compliance Analyst at AAB managing compliance with ISO 27001, supporting enterprise risk assessments and enhancing information security systems.
Information Security Risk & Compliance Analyst at AAB focusing on ISO 27001 compliance and information security management. Collaborating across teams to ensure robust risk and compliance frameworks.
Information Security Risk & Compliance Analyst supporting the maintenance of ISO 27001 standards. Contributing to risk assessments and compliance across AAB’s Business Protection Team.
Security Principal at Optiv designing AI security solutions for clients, leveraging advanced security services and technologies. Driving pipeline generation and maintaining strong client relationships as a trusted advisor.
Cloud Security Architect supporting federal customer projects focused on architecture and security solutions. Conducting risk assessments and defining security requirements within a cloud environment.
Information Security Specialist responsible for enhancing cybersecurity posture through incident management and compliance. Collaborating with cross-functional teams to monitor threats and implement security measures.