Cyber Security Engineer

The cyber security engineer is knowledgeable in product-related security issues and assists other roles with writing cyber security requirements, secure design, secure coding practices, security testing of software for products or systems, and product maintenance, e.g., vulnerability handling.

Description

The main work of a cyber security engineer is to assist system and development streams and software-, hardware-, and test engineers with product-related security issues and solutions.

Collaboration is an integral part of the job, as the cyber security engineer may be consulted by managers, customers, and developers to solve technical challenges and determine the requirements of the software system.

Products and components must be compliant with ABB's Minimum Cyber Security Requirements for Products (9ADB005793). Apply, when applicable, Cyber Security Requirements for Project Deployment (9ADB006087) and Minimum Cyber Security Requirements for Service (9ADB007833).

Responsibilities

  • Regularly inform and train employees in cyber security.
  • Assist product management in capturing customer-driven product requirements on cyber security.
  • Ensure that cyber security practices are followed (e.g., security assessment, threat modeling, static code analysis, system validation, DSAC testing, reviews).
  • Define and document the security architecture of the product.
  • Ensure 3rd-party software (e.g., open-source) is validated for cyber security. This includes monitoring and managing security updates of the 3rd-party software.
  • Ensure that used tools (e.g., static code analysis) are configured and updated according to recommended security guidelines.
  • Ensure test systems are installed with appropriate security settings and security updates.
  • Ensure compatibility between the products and 3rd-party security products is validated (e.g., antivirus software or application white-listing software).
  • Provide input about security recommendations to user documentation.
  • Ensure cyber security deviations and issues are resolved, and when necessary, escalate issues to the cyber security manager.
  • Ensure discovered vulnerabilities are managed according to the vulnerability handling process, including support for publishing the related field communication.