IoT/IIoT Cybersecurity Engineer

At TÜV SÜD we are passionate about technology. Innovations impact our daily lives in countless ways, and we are dedicated to being a part of that progress. We test, we audit, we inspect, we advise. We never stop challenging ourselves for the safety of society and its people. We breathe technology, we strive for professional excellence, and we leave a mark. We take the future into our hands. We are looking for an IoT/IIoT cybersecurity engineer, in a hybrid home and laboratory position, headquartered in the UK to strengthen our IOT cybersecurity team.

Your primary objective will be to deliver cybersecurity assessment and certification evaluation of products and components. Examples of the tasks include, but are not limited to; assessment to latest cybersecurity standards, penetration testing (IoT and WebApp), threat modelling, firmware investigation, code analysis etc. This service will be provided to external clients, who will predominantly be manufacturers of wired and wireless IoT/IIoT devices.

You will be part of a dynamic, professional global team whose core values include operating with integrity, being solutions orientated and being committed to building and sustaining long-term relationships with our customers. You will regularly engage with customers and attend to customer requirements and, using your technical expertise, you will contribute to the development and scaling of a robust product certification framework. Your role will include testing products as well as contributing to the development of an evolving and dynamic cyber assessment service.

Main Duties & Responsibilities:

• Perform assessments to the latest cybersecurity regulations, standards and guidelines
• Perform security reviews and testing of IOT hardware devices, including application design, embedded software, web applications, web services and mobile applications to bespoke test programs and the latest regulatory cybersecurity requirements
• Hardware penetration testing
• Skilled in the use of the appropriate software tools used in assessments and penetration
• Engage with customers, understand their products and assessment requirements, and define bespoke test programs based upon our customer needs
• Actively contribute to the development of the TUV SUD security program with a focus on IIoT/IoT devices
• Participate and contribute on global cybersecurity regulatory standards committees
• Provide training to customers on the interpretation of regulatory standards and best practice
• Fluent written and spoken English (other language skills would be desirable)

Essential Criteria:

• Relevant Cybersecurity qualification, preferably a cybersecurity degree (BSc/MSc/PhD) or equivalent cybersecurity qualification
• Experience in a penetration testing (SW/HW) or similar offensive security
• A commitment to customer service excellence
• Strong analytical skills and efficient problem solving
• Ability to work unsupervised, under pressure and meet deadlines
• Creative with strong commitment to quality and excellence

Desirable Criteria:

• Assessment experience to EN 18031-x series of standards, NIST 8259, NIST CSF, etc
• Additional cybersecurity credentials such as OWASP, OSCP, CISSP etc
• Knowledge of security architecture design and applying regulatory guidance on cybersecurity assessment methodologies for risk management
• Practical knowledge with the development and implementation of electronic, network, or data security related controls (encryption, digital signatures, secure boot, access control, password management)
• Understanding how to implement security activities such as vulnerability and patch management, threat intelligence etc
• Hands-on practical knowledge with reverse engineering and/or vulnerability testing tools and techniques
• Experience in common scripting languages such as Python, Ruby, LUA, Powershell or BASH and at least one development language e.g. Java, C, C# or similar would benefit the role
• Experience in product development and testing

Further Information:

TÜV SÜD in the UK offers a competitive salary and benefits package that includes a minimum of 33 days holiday entitlement (for full-time employees, including public holidays), a contributory Group Personal Pension Plan and a non-contributory Group Life Assurance Scheme. We also offer various Salary Exchange/Sacrifice schemes (buying/selling holiday, cycle to work scheme, pensions), incentive schemes and comprehensive wellbeing support (Employee Assistance Programme, Dental Scheme and Occupational Health services). Dependent on their role, employees may also be eligible for hybrid/permanent home-working, a Company Car/Car Allowance and Private Medical Insurance.

At TÜV SÜD, we have employees from more than 100 different countries collaborating together. People of different backgrounds, skills, and pursuing different life goals. Our strength comes from these countless and varied perspectives. We are committed to be an inclusive and diverse workplace by welcoming people of all backgrounds. We want Diversity & Inclusion (D&I) to be a foundation of our company and create an environment where all our employees can trust they will be treated with respect, regardless of gender, nationality, ethnic background, faith, beliefs, disabilities, age, sexual orientation, or identity. As such, our employees are expected to behave at all times in a manner consistent with TÜV SÜD Code of Ethics and Company values. We firmly believe embedding D&I in the heart of what we do will inherently contribute to the success of TÜV SÜD.