Senior Product Security Analyst

Descrizione

We’re Hiring for a Senior Product Security Analyst!

If you are excited and passionate about helping #LetsSolveWater, consider joining our team today!  Xylem, Inc. is a leading global water technology company servicing more than 150 countries and is dedicated to solving the world’s most challenging water issues.  We are looking for individuals to join our mission by exceeding customer expectations through smart sustainable solutions.  At Xylem, you will have the opportunity to solve water by participating in our paid Volunteer Program, Xylem Watermark!

THE ROLE: As member of Xylem’s Product Security Incident Response team, the PSIR Analyst is responsible for the implementation and execution of security programs and practices to support a growing, global water technology company.  This position will work across product development and product support teams to lead response activities to vulnerabilities and incidents involving Xylem products.  This position will liaise with appropriate external stakeholders including government agencies, suppliers, and customers to coordinate response efforts.

You will help build and lead the Product Security Incident Response Team (PSIRT) programs for our entire product portfolio. Your passion for security and in-depth knowledge of Product Security will ensure that you deliver high impact results.   We offer a full benefits package to include Flexible Time Off (FTO) for salaried positions, health, dental, vision, investment savings plan, and additional miscellaneous benefits.

CORE RESPONSIBILITIES:  To perform the job successfully, an individual must be able to perform each essential duty satisfactorily.

• Work with the business, engineering, and product management teams to support detailed product inventory and install base data. Maintain this data for the entire product portfolio covering software, IIoT, and, Smart-device suites
• Conduct risk-based vulnerability assessments for a wide range of products, including embedded devices, enterprise software solutions, and mobile apps
• Build, maintain, and measure response plans for vulnerabilities and customer incidents involving Xylem products
• Establish external relationships to assist in responding to product events with government entities, industry groups, suppliers, and customer security teams
• Provide guidance and leadership on best practices regarding vulnerability and incident response
• Design tabletop exercises around product vulnerabilities and incidents to train engineering, product management, and executive leadership on responding to product related events
• Lead product related activities during tabletop exercises, vulnerability assessment, and customer incidents
• Expert level operational support for security escalations from customers
• Support other Xylem product security shared service delivery as needed

Additional Responsibilities:

• Own and manage PSIR and Product Vulnerability tickets throughout ticket lifecycle
• Manage Product Security mailbox
• Support Product Security Leaders with monthly product vulnerability metrics
• Engage in collaboration with Xylem Enterprise IT to advance the maturity of Incident Response, Vulnerability Management and Threat Intelligence
• Support all aspects of Xylem Coordinated Vulnerability Disclosure
• Generate content regarding product security vulnerability and threat information for external and internal websites

QUALIFICATIONS**:**

• BS in Computer Science or Information systems or relevant concentration or relevant and equivalent business or IT experience.
• 5-years of experience in cyber security
• Demonstrated expertise in product/application security architecture, Network security, application security, incident response methodologies
• Demonstrated expertise assessing vulnerabilities in industrial products and coordinating vulnerability disclosures
• Hands-on experience with security testing tools
• In-depth experience assessing security vulnerabilities including those found in the OWASP Top 10, IoT Top 10, and CWE Top 25
• Knowledge of secure infrastructure architectures, application architectures, encryption, Cloud Security and broader security technologies.3

Preferred Qualifications:

• Relevant cyber security certifications
• Scripting skills (i.e.: Ruby, Python, Perl, shell scripts)
• Experience with cloud IaaS security operations
• Valuable: Preferred: forensic analysis skills

DAY IN THE LIFE**:**

In this role, the working environment is generally in an office setting and may be performed remotely.  The physical demands may include but are not limited to moving around in an office environment, frequent oral communication, close vision, and ability to operate office equipment.

SALARY:

The estimated salary range for this position is $95,000 to $120,000 plus bonus.   Starting pay is dependent on multiple factors, such as skills, experience and work location, and is not typically at the top of the range.  At Xylem we offer a competitive compensation package with a generous benefit package, including Medical, Dental, Vision plans, 401(k) with company contribution, paid time off, paid parental leave and tuition reimbursement.

At Xylem, we embrace diversity and strive to create avenues where employees feel valued and appreciated through our DE&I initiatives and Employee Resources Groups (ERG).  Xylem is proud to be an Equal Employment Opportunity and Affirmative Action workplace.  Xylem prohibits discrimination, harassment of any kind and does not discriminate in employment on the basis of race, color, religion, sex or sexual orientation (including pregnancy and gender identity), national origin, political affiliation, marital status, medical conditions or disability, genetic information, age, or other non-merit factors.

Join the global Xylem team today!  Xylem is a team creating advanced technology solutions to the world’s water challenges through developing new technologies and services that will improve the way water is used, conserved, and re-used in the future is central to our work. Our products and services move, treat, analyze, monitor, and return water to the environment, in public utility, industrial, residential, and commercial building services settings. Xylem also provides a leading portfolio of smart metering, network technologies and advanced analytics solutions for water, electric and gas utilities.

Disclaimer: The information listed within this job description is designed to indicate the general nature of work expected for this position and shall not be viewed as a comprehensive inventory of all duties, responsibilities, and qualifications required in this position.  Employees must be able to perform the essential functions of the position satisfactorily and if requested, reasonable accommodations will be made to enable employees with disabilities to perform the essential functions of their job absent undue hardship.  Xylem reserves the right to modify this job description or assign other duties to this position as needed.