Job description

The Cybersecurity Advisor at Schneider Electric will implement the Secure Development Lifecycle framework and advise on cybersecurity technical requirements for the development of secure products and systems. They serve as the SME to ensure cybersecurity is integrated throughout the offer development process and provides guidance on Secure Development Lifecycle practices.

Responsibility

• Serve as the Subject Matter Expert to ensure cybersecurity topics are prioritized and embedded in the Offer development process from the design phase.
• Provide guidance, coaching, and expertise to implement Secure Development Lifecycle practices such as threat modelling, secure design, secure coding, implementation, and security testing.
• Collect Secure Development Lifecycle and cybersecurity metrics.
• Aid in the deployment of Secure Development Lifecycle and cybersecurity functionalities as required by standards such as IEC62443.
• Ensure that assigned development teams adhere to risk-driven cybersecurity processes and controls throughout the development lifecycle.
• Assist development teams in managing vulnerability triage and resolution.
• Support teams in conducting internal Secure Development Lifecycle audits and Formal Cybersecurity Reviews (FCSRs).
• Perform foundational data protection and privacy screening of offers.
• Represent offer development teams in Business Unit and PSO security meetings and workshops.
• Conduct training sessions and presentations to enhance cybersecurity competencies within development teams.
• Monitor organizational maturity using cybersecurity maturity frameworks and track other Secure Development Lifecycle-related goals.
• Take an active part in the cybersecurity community at both the Energy Management and global company levels.

Qualifications

• Standing Certification in Cybersecurity Management such as CISSP, CSSLP; and/or IEC 62443 Certified Specialist.
• Experience of working in an Engineering/R&D group following a Secure Development Lifecycle with standards such as IEC 62443, ISO 21434, or Microsoft SDL; engagement with management and development teams.
• Experience guiding and assisting organizations in implementing security product/system development practices.
• Knowledge of security and privacy standards, regulations, and legislation.
• Ability to develop threat models, analysing threats, and rate threat severity using established industry practices.
• Knowledge of static code analysis tools, secure coding standards, fuzz and penetration testing, and formal security reviews.
• Understanding of domain appropriate communication mechanisms protocols.
• Background in domain appropriate development (e.g., embedded, cloud, mobile, industrial automation, energy management).
• Self-starter and team player; ability to work independently and drive initiatives.
• Strong communication skills, including the ability to render concise reports, summaries, and presentations.
• Strong analytical and problem-solving skills.
• Project management or technical leadership skills preferred.
• Good level English is mandatory.