Sr. Security Engineer (Threat & IoT)

The Security Engineer will be responsible for helping to build and support Threat and Vulnerability Management’s Internet of Things (IoT) security service. This includes threat modeling, risk assessments, security design and review, and product security assessments.

Required Experience:

5

+ Years
Job Locations:

St. Louis, MO

Location Restrictions:

Onsite

Basic Qualifications and

The position will primarily be responsible for supporting and executing threat models, risk assessments,security reviews, creating appropriate documentation, and developer training.They will work closely with product development teams during their life cycles to build in security throughout and potentially test to verify the implemented controls.

They will interface with the Business Group information security and application leaders to provide timely threat models, security assessments, reporting, guidance and assistance with remediation where applicable. 

Responsibilities
  • Threat modeling and risk assessments supporting applications, infrastructure and products
  • Security training and outreach to internal development teams
  • Security architecture, application, and product design reviews
  • Security metrics development, deliver and improvements
  • Security guidance and documentation
  • Test and validate security controls are properly implemented for application, infrastructure and products
  • Projects and research work as needed
  • Security tool assessment and development
Required Skills and Experience
  • Bachelor’s degree in Information Security, Computer Science, Information Systems Management or related field from a 4 year college or university
  • Minimum 3 years of information security management and/or related experience; or an equivalent combination of education and experience of the following: threat modeling, embedded systems and IoT security, web and mobile security, secure software development, cryptography, network security, penetration testing
  • Threat modeling and risk assessment approaches in diverse enterprises, products, and software development styles
  • Experience in performing threat modeling using standards such as STRIDE
  • An understanding or network, web, IoT, and industrial related protocols (such as, TCP/IP, UDP, IPSEC, HTTPS, Modbus, MQTTS)
  • An understanding of web services, and cloud architecture and infrastructure
  • Experience with programming languages (such as C/C++, Ruby, Python, etc.) a plus
  • Strong sense of ownership, ugency, and drive
  • Sharp analytical abilities
Interested in this position?
Fill out the form below!