Location
Missouri-St. Louis, United States
Description
The Security Engineer will be responsible for helping to build and support Threat and Vulnerability Management’s Internet of Things (IoT) security service. This includes threat modeling, risk assessments, security design and review, and product security assessments.
The position will primarily be responsible for supporting and executing threat models, risk assessments, security reviews, creating appropriate documentation, and developer training. They will work closely with product development teams during their life cycles to build in security throughout and potentially test to verify the implemented controls.
They will interface with the Emerson Business Group information security and application leaders to provide timely threat models, security assessments, reporting, guidance and assistance with remediation where applicable.
PRINCIPAL FUNCTIONAL RESPONSIBILITIES
- Threat modeling and risk assessments supporting Emerson applications, infrastructure and products
- Security training and outreach to internal development teams
- Security architecture, application, and product design reviews
- Security metrics development, delivery and improvements
- Security guidance documentation
- Test and validate security controls are properly implemented for Emerson application, infrastructure and products
- Projects and research work as needed
- Security tool assessment and development
Requirements
EDUCATION/LANGUAGE
- Bachelor’s Degree in Computer Science or related field, or equivalent work experience
- Minimum of 3 years of experience with any combination of the following: threat modeling, embedded systems and IoT security, web and mobile security, secure software development, cryptography, network security, penetration testing
- Threat modeling and risk assessment approaches in diverse enterprises, products, and software development styles.
EXPERIENCE/SKILLS
- Experience performing threat modeling using standards such as STRIDE
- An understanding of network, web, IoT, and industrial-related protocols (such as TCP/IP, UDP, IPSEC, HTTPS, Modbus, MQTTS)
- An understanding of web services, and cloud architecture and infrastructure
- Experience with programming languages (such as C/C++, Ruby, Python, etc.) a plus
- Excellent written and verbal communication skills
- Demonstrable teamwork skills and resourcefulness
- Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
- Strong sense of ownership, urgency, and drive
- Sharp analytical abilities