Product Security Engineer

Company Description

We Are Bosch.

At Bosch, we shape the future by inventing high-quality technologies and services that spark enthusiasm and enrich people’s lives. Our areas of activity are every bit as diverse as our outstanding Bosch teams around the world. Their creativity is the key to innovation through connected living, mobility, or industry. Bosch Home Comfort is a leading source of high-quality heating, cooling, and hot water systems. At Bosch Home Comfort we are committed to reinventing energy efficiency by offering smart products that work together as integrated systems and enhance quality of life in an ultra-efficient and environmentally friendly manner.

Let’s grow together, enjoy more, and inspire each other. Work #LikeABosch

• Reinvent yourself: At Bosch, you will evolve.  
• Discover new directions: At Bosch, you will find your place. 
• Balance your life: At Bosch, your job matches your lifestyle. 
• Celebrate success: At Bosch, we celebrate you. 
• Be yourself: At Bosch, we value values. 
• Shape tomorrow: At Bosch, you change lives. 

Come Join us in Watertown, MA and learn how we work #LikeABosch!

Job Description

As a product security engineer you will play a key role in the evaluation, support, management, and implementation of cybersecurity measures pertaining to HVAC control and communicating systems for Bosch Home Comfort North America. The selected individual will possess some experience in the design and validation of security services executing on different hardware platforms. He or she will assume the role of Security Manager for current and future projects, and be responsible for security feature implementation according to the product life cycle for various HVAC connected systems.

Job Responsibilities

• Security reviews for new features, products, technologies, and services.
• Secure design, architecture, implementation, and penetration testing of HVAC connectivity systems (i.e. IoT devices, AWS cloud, Mobile App).
• Secure development life-cycle (SDLC) practices including threat modeling and security testing.
• Influence decision-makers and stakeholders throughout the organization across project teams to achieve a consistently high security bar.
• Assist in security review engagements and lead remediation efforts.
• Create security guidance and documentation (e.g. Security Concept) for development.
• Develop and deliver security training and outreach to internal development teams.
• Develop and improve metrics that drive desired behavior and security outcomes.
• Identify pressing security problems that are amenable to automatic detection. Work to implement new detection techniques and tools.
• Ensure that detected security issues are treated with a level of urgency that reflects their true risk.
• Investigate security issues and identify opportunities for detecting or preventing similar issues with automation.
• Provide guidance to the Regional Business Unit Engineering and third-party development teams on secure coding and development practices.

Qualifications

Basic Qualifications:

• Bachelor of Science in Computer Engineering, Computer Science or a related technical discipline.
• 5+ years of experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
• 5+ years knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security

Preferred Qualifications:

Technical Skills

• Desired experience working in the HVAC/Refrigeration industry, with a familiarity of existing HVAC residential and commercial equipment, systems and suppliers.
• An advanced degree is preferred.
• Demonstrated experience collaborating with other security engineers and developers to deliver complex projects.
• Knowledge and experience with cryptography and computer security.
• Knowledge of full life-cycle software engineering practices including coding standards, testing, source control management, and operations.
• Strong demonstrated knowledge of web protocols, common attacks, and an in-depth knowledge of operating systems (OS) tools and architecture.
• Experience with virtualization technologies, especially with AWS services.
• Relevant industry certifications (e.g. AWS Certified Security) a plus.
• Familiarity with Bosch Security Engineering Process (SEP), or similar process, a huge plus.

Soft Skills

• Ability to work with geographically dispersed teams and a diverse cultural environment.
• Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills.
• Ability to quickly come up to speed on new projects.
• Experience in a startup or high-growth environment is highly desirable.
• Strong communication skills, both written and verbal, with both internal team members and external business stakeholders.
• Able to communicate and present complex technical concepts across technical and non-technical organizations.
• Ability to work with minimal supervision in a lean and fast paced environment.
• Ability to identify a clear set of tasks needed for project planning.
• Creativity and ability to learn quickly are essential.
• Excellent collaboration and teaming skills.

Additional Information

Indefinite U.S. work authorized individuals only.  Future sponsorship for work authorization unavailable.  

In addition to your base salary, Bosch offers a comprehensive benefits package that includes health, dental, and vision plans; health savings accounts (HSA); flexible spending accounts; 401(K) retirement plans with an employer match; wellness programs; life insurance; short- and long-term disability insurance; paid time off; parental leave, adoption assistance; and reimbursement of education expenses.

Learn more about our full benefits offerings by visiting: www.myboschbenefits.com. Pay ranges included in the postings generally reflect base salary; certain positions may include bonus, commission, or additional benefits.

Equal Opportunity Employer, including disability / veterans.  

*Bosch adheres to Federal, State, and Local laws regarding drug-testing. Employment is contingent upon the successful completion of a drug screen and background check. Candidates who have been offered the position must pass both screenings before their start date.