We are seeking Certified Information Systems Security Professional (CISSP) candidates to join our team in Pune.
Major Tasks
Lead and manage product cyber security in high-complexity
development projects from acquisition to start of production (SOP), in
compliance with the ISO/SAE 21434 standard and the UNECE R155 regulation.
Ensure the integration of security requirements into the product lifecycle.
Planning & Development:
Develop and implement comprehensive security activities, including threat
modeling, security requirements definition, and secure design practices.
Evaluate development efforts to ensure adherence to security standards and best
practices.
Evaluation & Approval:
Review and approve security concepts, architectures, and strategies throughout
the development phases.
Conduct security reviews and audits to ensure compliance with security policies
and standards.
QCT Targets:
Achieve Quality, Cost, and Time (QCT) targets related to cyber security work
products, ensuring efficient and effective security implementations.
Tasks / Areas of Responsibility:
Planning & Guidance:
Independently plan and execute necessary cyber security activities, providing
technical guidance and mentorship to colleagues.
Develop and maintain security documentation, including security plans, risk
assessments, and test reports.
Risk Analysis:
Perform detailed risk analysis of the product scope, identifying and mitigating
cyber security risks based on known vulnerabilities and threat intelligence.
Apply methodologies such as STRIDE (threat identification), DREAD (risk rating),
and CVSS (vulnerability severity scoring) for risk assessment.
Coordination:
Define and implement a holistic product cyber security concept, ensuring
alignment with overall product strategy.
Coordinate with customers, suppliers, and subcontractors to ensure security
requirements are met.
Report security status to customers and gather necessary information from
subcontractors.
Support:
Assist the development team in selecting and integrating security-compliant
technologies and cryptographic mechanisms.
Provide technical support for security-related issues and incidents.
Verification Methods:
Define and implement verification methods such as fuzzing, vulnerability
scanning, penetration testing, and static/dynamic code analysis.
Develop and execute security test plans to validate the effectiveness of
security controls.
Assessments & Training:
Prepare and conduct cyber security assessments, including security audits,
penetration tests, and compliance checks.
Implement training measures to enhance the security awareness and skills of the
development team.
Communication:
Facilitate communication within the global HELLA cyber security network to
share knowledge, improve processes, and promote best practices.
Represent the organization in external security forums and working groups.