Cyber Security Engineer
We at ABB are looking out for passionate cyber security engineers to work on building security capabilities in ABB Ability products which follow agile development methodology. As a Security Engineer you will be working closely with software engineers from the various common component and cloud based application development teams to build a secure architecture that is fundamentally sound and efficient. Should assist teams right from requirement gathering to defining threat model or assist development teams in building secure software. Also perform security assessment on products which follow incremental development approach.
Perform black-box, white-box and grey-box testing of software applications, verification testing on assigned defects.
Perform variety of test patterns including baseline and regression tests
Responsible for test requirement definition, design of test strategies, test scenarios and test cases, test scripts and test data development.
Deliver security tools and automation framework to plug-in various security tools into existing ones to delivery key security capabilities.
Actively participate in threat hunting using manual and automated tools
Staying current on latest test approaches and test tools and transfers this knowledge to test team
Conduct security reviews and assessment of common platform components.
Support product teams during the threat modelling phase of the product development, work with teams to ensure commitment to the cyber security strategy of minimizing flaws and ensure adherence to the integrated secure development lifecycle process,
Experience working with Linux and operating systems, scripting languages like Python.
• Skilled in automation via scripting or programming languages (Python, Ruby, Shell, Perl, C/C++, Java, etc.).
• Vulnerability and threat management experience.
• Experience with various security tools (Nessus, Burp Suite, API Security testing tools, Metasploit, Kali Linux, etc.)
• Good understanding on secure SDLC.
• Expertise in Agile and can work with at least one of the common frameworks
• Understanding of Security architecture both from a penetration testing and design point of view
• In-depth knowledge of TCP/IP networking (OSI stack, TCP, etc.)
• Experience with Java, Python, Perl and Ruby for automation
• Knowledge and experience with network and application security practices
• Sound knowledge of Azure, AWS and other public and private cloud infrastructure is preferred.
• Motivated, self-driven, and passionate about your work
• Deep and broad understanding of security vulnerabilities and attacks (Firmware, Network and Software) and ability to apply them or find new ones based on new technology being developed.
• Good experience with cyber security threat modeling and assessment using various tools such as Threat Modeler and Microsoft Threat Modeling Tool etc.