About company
We are a leading health technology company focused on improving peoples health and enabling better outcomes across the health continuum from healthy living and prevention, to diagnosis, treatment and home care.Vacancy summary details :
- Company Name: Philips
- Location : Bengaluru
- Post Name:System Analyst
- Qualification: CA,Any Graduate
- Experience:05-08+Years
- No of Vacancies: 01
Job description
- The Product Security Services Office – PSSO within the Group Security organization of Philips, helps businesses to implement security by design and to achieve operational excellence for our products and services.
- By protecting systems and (patient) data for our customers, we ensure that Philips products and solutions remain secure and resilient to cyberattacks.
- This strengthens our customers all-important trust in us.
- We are looking for product security risk assessors -Who can run the security by design assessment.
- Individuals in this role will engage with architects, technical leads, RD Engineering teams to ensure the security and privacy considerations are considered in advance during the product development cycle.
- They will review the High-level design, Low-level design and System specification documentation for security consideration and sign them off before the development process begins
Specific job responsibilities include:
- Assess the security and Privacy for software/Product architecture – guide the product architects to ensure security is built in to at the design level itself
- Assist Philips business units in the development and implementation of product security and Privacy practices including policies, standards, guidelines, and procedures.
- Participate in, release Plan events, Scrum meetings, Product demos, product design and architectural discussion to ensure Security and Privacy throughout the development lifecycle
- Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
- Conduct security and privacy reviews to determine compliance.
- Guide the business unit in their management of the resolution of security audit or review findings.
- Provide security risk management and security advice as well as advice on strategic direction relating to product and information security.
- Work with deployment/operations information security officer to proactively and cooperatively communicate and mitigate risks.
- Assist with security incidents and review risk and impact of breaches to protected systems.
- Participate in architecture and design of services providing information and product security advice.
- Review proposed services, engineering changes, and feature requests for security implications and needed security controls.
- Ensure risk reports and KPIS to the management
Required experience
- ~5-8 years of security experience(for Specialist) and 10 to 12 for Senior Specialist role, including responsibility for the security of a software application and IT infrastructure including defining product security roadmap
- Product/Information security experience in all phases of service development and deployment including architecture, design, development, testing, release, and operational maintenance
- Incident management, including analysis and response
- Experience in designing security solutions.
- Experience in assessing security of-iaas, paas, saas platforms would be helpful
- Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA).
- Global working experience in enterprise application development Cloud Computing
- Technical leadership experience in the Software Security field.
- Experience and knowledge of penetration testing methodologies and tools.
- Conducting information security analyses, audits, and reviews
Preferred experience
- Experience in the healthcare sector and HIPAA
- Experience leading change management systems
- Experience with NIST 800-53
- Ideal candidate would have worked on the software development initially and then graduated in to either -S/W architecting/security assessments ensuring security in the product design
Required skills
- Excellent Cyber Security capabilities
- Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response
- Understanding of security by design principles and architecture level security concepts
- Exposure to privacy requirements
- Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
- Excellent communication and leadership skills
- Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
- Understanding of Security RFCs, ability to craft security testing scenarios for the underlaying product features.
- Knowledge of current privacy global regulatory landscape and self-regulatory frameworks including but not limited to GDPR, HIPAA, ISO, EU data protection
preferred skills
- Sound security engineering knowledge ( technical) so as to work collaboratively with the Tech Leads and software/products architects to ensure secure Products
- Knowledge of information system architecture and security controls (e.g., firewall and border router configurations, wireless architectures, specialized appliances)
- Sound implementation Knowledge of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OATH authentication, 2FA
Preferred certification/s
- Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP, CISSP, CISM, CIPP, CIPT, CIPM,or SABSA
