IoT Security Engineer
Mueller Water Products

Job Info

---

Job Summary:

The Senior IoT Security Engineer will guide our engineering teams in designing and developing secure IoT products. This position will evaluate risk and design security features in wireless radio protocols, embedded devices, and a software stack using the latest technologies. The Senior IoT Security Engineer will report to the Head of Product Security.

Primary Responsibilities:

• Maintain our product security framework - a baseline standard for security features and engineering practices in our Cloud-based SaaS and IoT product offerings
• Create security requirements with product owners for existing and new products spanning over our diverse product lines
• Evaluate existing product line for security vulnerabilities to suggest future improvements
• Assist in the product design of features such as authentication and encryption over radio protocols, radio message signing, secure boot, and secure OTA
• Develop Mueller's IoT security standards by utilizing prior work in product security as a guideline for Mueller's standard
• Support team through the entire product development cycle by performing architecture reviews, threat modeling, code reviews, and pen-testing
• Work with third parties to perform pen-testing on software and hardware products to guide the engineering team to vulnerability solutions
• Performs other related duties as assigned

Qualifications:

• BS Degree in Computer Science, Computer/Electrical/Electronic Engineering or equivalent
• Minimum of 5 years experience in security or product engineering
• Strong communication and collaboration skills
• Experience with Secure Development Lifecycle model (SDLC)
• Knowledgeable in common security protocols and methodologies - TLS/DTLS, symmetric and asymmetric encryption, digital signing, credential storage
• Knowledge of common IoT protocols such as MQTT, COAP, HTTP, etc. and common encoding methods
• Familiarity with common software vulnerabilities and development best practices (CWE, OWASP IoT Top 10)
• Familiarity with embedded system reverse engineering and attack methodologies
• Experience with wireless communications such as Cellular, NFC, Bluetooth/BLE, Lora, Zigbee, 802.11
• Experience security assessments and testing of embedded devices
• Experience securing RTOS's like FreeRTOS and embedded Linux
• Strong experience writing and reading 'C' code and assembly

Preferred

• Strong understanding of IoT security issues and mitigations
• Ability to read a high-level schematic diagram
• Experience with ST and / or Nordic microcontrollers
• Experience monitoring radio communications through software-defined radios or custom radio transceivers
• Experience with one or more scripting languages. Preferably Python.
• One or more security certifications such as CISSP, CEH, or OSCP

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other category protected by law.

This job has expired.