Role Overview
The Security Specialist supports product cybersecurity by driving secure-by-design practices across HBK’s diverse product portfolio, including web, desktop, SaaS, cloud, embedded, and firmware solutions. The role leads threat modelling and risk assessment activities, performs vulnerability analysis, and supports Cyber Resilience Act (CRA)–aligned compliance initiatives. Acting as a trusted advisor and hands-on expert, the Security Specialist ensures that security principles are embedded throughout the entire product lifecycle, requiring deep expertise in security concepts, risk assessment, threat modelling, and modern development practices.
Key Responsibilities
Lead threat modelling and risk assessment activities using STRIDE and TARA methodologies, aligned with industry-specific standards such as IEC 62443.
Derive product-specific security goals based on threat modelling and risk assessment outcomes, serving as direct input for penetration testing scope and objectives.
Support vulnerability assessment, remediation tracking, and continuous risk reduction across products.
Promote secure coding practices and provide source code and configuration review support to product teams.
Coordinate and support security testing activities, including SAST, DAST, penetration testing, and fuzzing.
Maintain security documentation, evidence, and artefacts required for EU CRA compliance.
Integrate security into software development processes by leveraging modern security tools and frameworks (e.g., static code analysis, fuzzing, security testing frameworks).
Ensure the correct application of cryptographic techniques for data protection.
Support compliance with relevant security standards and regulations, including ISO 21434 (Automotive), IEC 62443 (Industrial), NIST SP 800 series, EU Cyber Resilience Act (CRA), and ISO 27001.
Guide product teams in implementing security controls required to achieve and demonstrate EU CRA compliance.
Actively review code and system configurations for vulnerabilities and coach teams to prevent recurring security issues.
Provide guidance on hardware security measures, including the use of Secure Hardware Modules (SHM).
Qualifications
Education:
Bachelor's or Master's degree in Computer Science, Cyber Security, or another engineering discipline.
Required Experience and Skills
Proven experience in security across multiple product types (web, desktop, SaaS, cloud, embedded, firmware).
Deep technical understanding of security concepts (IAM, Secure Access, Secure Boot, Secure On-board Communication Encryption, Secure Coding Practices, etc.).
Hands-on experience in threat modelling (STRIDE), risk analysis (TARA), vulnerability hunting, and source code reviews.
Familiarity with one or more recognised security standards and regulations, such as EU CRA (Cyber Resilience Act), CSMS, UNECE R156/R157, ISO 21434 (Automotive), IEC 62443 (Industrial Control Systems), ISO 27001, and NIST SP 800 series.
Strong background in modern software development (C++, Java) on Linux/Android.
Understanding of cryptographic fundamentals and secure hardware concepts.
Strong expertise in both system and software engineering.
Expert in requirements engineering and requirements-based development.
Good understanding of different architectures, operating systems (Linux/QNX/MICROSAR), hardware and software security concepts, cryptography, and debugging techniques.
Experience interfacing with customers and reviewing customer requirements with a focus on cybersecurity impacts.
Excellent communication skills to effectively engage with engineering teams, customers, and stakeholders.