Cybersecurity - Senior Advisor
About the Job
Schneider Electric™ creates connected technologies that reshape industries, transform cities and enrich lives. Our 144,000 employees thrive in more than 100 countries. From the simplest of switches to complex operational systems, our technology, software and services improve the way our customers manage and automate their operations. Help us deliver solutions that ensure Life Is On everywhere, for everyone and at every moment: https://youtu.be/NlLJMv1Y7Hk .
Great people make Schneider Electric a great company.
In general, the primary responsibility of a security advisor is to engage with every active project team, advise the team on SDL compliance for each and every security practice, ensure cybersecurity requirements are included in each project, and help teams comply with company Marketing requirements and Technical Invariants.
In some cases, security advisors will also have enough skill and experience to guide teams on security functional solutions (architecture, implantation, testing). Where the security advisor may not have the project's needed skills, the advisor will help the team connect with appropriate resources.
The security advisor stays engaged with every project team through OTM/RDI and implementation phases, ensuring that the agreed security plan is adhered to and escalating when not.
At the end of each project the advisor assesses the project teams security plan compliance and produces a final security report. No project advances unless the FSR is completed and accepted by Leadership.
Detailed activities of a Security advisor, day to day -
- Occasionally, provide security training (meeting with project teams, Lunch&Learn sessions, etc.)
- Keep up on latest CERT bulletins, exploits, etc. Compare to product offer. Ensure emerging attack vectors are assessed against product family offers.
- Participate in Incident Responses when directed
- Meet with teams in preparing the SDL Security Plan
o Reviewing the SDL Evaluation form that the team fills in
o Reviewing the Security Backlog for a project during the planning stage
o Setting the SDL requirements, then reviewing it with the team
o Getting leadership approval of the plan before the team begins writing code
o Letting the team know they can publish the requirements to TFS
- Assist teams in threat modeling their product(s).
- Meet with teams at various milestones during project execution (insist on it so there are no surprises in the end)
- Review their Vulnerability Susceptibility Map (VSM) spreadsheet (this might be getting obsoleted)
- Perform the Protecode scanning of a team's binaries or get them to do it to identify third-party inclusions and patch state (detailed procedure provided)
- Perform the Digital Signature verification of their binaries or get them to do it (detailed procedure provided)
- Run Nessus Professional (vulnerability scanner) (detailed procedure provided below)
- Meet with the team at the end of the project to perform the Final Security Review
o Make sure all artifacts are completed
o Review SCA logs, BinScope logs, Protecode reports, Nessus report, etc.
o Make sure all system test is completed (so no more defects are expected to be found)
o Any open security defects must be reviewed and put in the security backlog if it is agreed they will not be addressed during the current project
- Occasionally, renew licenses for security tools (Nessus, Metasploit, BurpSuite, etc.)
- Request ISA/IEC standards (SE uses a service company named AFNOR/Webport)
- Guide teams through ISASecure certification when appropriate
- Review all project user documents for appropriate security content. Evaluate content and correct as needed
- Review changes to SDL process documents
- Keep up with advances in security tools, procedures, and processes
- Possibly attend security conferences as appropriate (e.g. ICS JWG)
We seek out and reward people for being straightforward, open, passionate, effective and challenging the status quo. We want our employees to reflect the diversity of the communities in which we operate. We welcome people as they are, creating an inclusive culture where all forms of diversity are seen as a real value for the company. We're looking for people with a passion for success - on the job and beyond. See what our people have to say about working for Schneider Electric: https://youtu.be/6D2Av1uUrzY .
Let us learn about you! Apply today.
You must submit an online application to be considered for any position with us. This position will be posted until filled.
It is the policy of Schneider Electric to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic or conduct.
Concerning agencies: Schneider Electric does not accept unsolicited resumes and will not be responsible for fees related to such.
Schneider Electric is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.