Principal Security Engineer – AUTO OEM BACKGROUND

Principal Security Engineer – AUTO OEM BACKGROUND

We are seeking a Principal Security Engineer who will handle and respond to security incidents related to its products or services. The main purpose of this role is to identify, assess, prioritize, and respond to vulnerabilities or threats that may impact the security of the organization's offerings. This role will help in building an effective PSIRT to ensure greater product quality and fewer security patching updates. These outcomes not only keep costs down, but they also help the brand by avoiding the appearance of being lax about a product's security.

Client (type/industry): IT Solutions branch of a major Japanese company

• Working Location: On-Site (Plano, TX)
• Employment Type: Full Time
• Salary: Up to $76-88/h
• Benefit: Full Benefits
• VISA support: NO/ United States (Required)
• Language: English

(Job Overview)

Duties/Responsibilities:

• Technical Leadership: Serve as the primary technical lead for investigating vulnerabilities and security incidents across various domains, including Vehicle, Application, and Back End systems.
• Guidance and Strategy: Provide expert technical guidance and contribute to the formulation of effective investigation strategies to swiftly identify and address security threats.
• PSIRT Support: Collaborate closely with the PSIRT Team to investigate and track identified vulnerabilities using the VVM Jira tool, thereby facilitating continuous improvement of the organization's security posture.
• Stakeholder Coordination: Liaise with stakeholders to assess vulnerabilities and recommend appropriate remediation or mitigation measures, ensuring timely and effective risk reduction.
• Remediation & Mitigation Tracking: Monitor the progress of remediation and mitigation efforts using the VVM Jira Tool, maintaining close communication with Product Leads and Scrum Teams to ensure alignment and swift resolution of security issues.
• Ad-hoc Technical Support: Provide on-demand technical expertise and support for various PCG services and programs as needed, leveraging a deep understanding of product security principles and best practices.

Requirements:

• Proven expertise in conducting technical investigations into security incidents and vulnerabilities across diverse OEM environments such as Vehicle, Application, and Back End systems.
• Strong familiarity with industry-specific tools and methodologies for vulnerability management and incident response within the OEM sector.
• Excellent communication skills with the ability to effectively convey technical information to diverse audiences and collaborate with cross-functional teams within an OEM context.
• Demonstrated ability to provide technical leadership, guidance, and mentorship to junior team members within an OEM setting.
• Experience working with issue tracking and project management tools such as Jira for tracking vulnerabilities and remediation efforts, preferably within an OEM environment.
• Ability to adapt to fast-paced OEM environments and prioritize tasks effectively to meet OEM-specific deadlines and requirements.
• Experience with cybersecurity incident response frameworks such as NIST CSF, ISO 27035, or similar.
• Familiarity with Agile development methodologies and Scrum practices.
• Prior experience in automotive cybersecurity or related industries.
• Knowledge of scripting languages such as Python, PowerShell, or Bash for automation and tool development.

Qualifications:

• Bachelor’s degree in computer science, Information Security, or a related technical field; or equivalent practical experience.
• 10+ years of Engineering experience in cybersecurity, incident response, vulnerability management, or related fields within the OEM industry.
• Willingness to travel up to 15% of the time, with a minimum expectation of 2 days per month and 1 week per quarter for on-site engagements and collaboration within the OEM industry.
• Master’s degree in computer science, Information Security, or a related technical field.
• Industry certifications such as CISSP, CISM, CEH, or equivalent.

Benefits:

• Medical health insurance (including dental and vision).
• Competitive paid time off and company paid holidays.
• Comp time for holidays worked.
• 401k matching program.
• Company profit sharing.
• Merit increases and bonus structure.
• Professional development and education reimbursement.