Digital Product Software Security Specialist
US - Global IT
About the Team
Joining the Stanley Black & Decker (SBD) team means joining one of the world's largest, fastest-growing, and most dynamic companies. Stanley Black & Decker is unique in that we've got a rich and storied history dating back to 1843, but that hasn't stopped us from evolving into a vibrant, diverse, global growth company poised and ready for the future.
Being a part of our team means living our core values of integrity, accountability, respect, speed, stretch, vision, and boundaryless. It means thriving in an environment of constant innovation and positive change. It means delivering tools, services, and solutions that the world counts on when it really matters. It means maintaining the highest standards in everything you do, every day.
It also means joining a team that has been globally recognized as one of the most innovative, sustainable and rewarding companies in the world. With over 50,000 employees worldwide, the Company has World Headquarters in the US and a Global Emerging Market (GEM) Headquarters in Miramar, Florida.
The Stanley Black & Decker (SB&D) Digital Product Software Security Specialist will join a brand new, highly progressive and cutting-edge team at SB&D. The Digital Product Security Team (DPST) is currently being established to support the success of all digital products across the SB&D portfolio. This is an opportunity to join at the ground floor of the organization and be a part of defining and designing a leading-edge practice. Within the DPST, the Digital Product Software Security Specialist will act as a technical consultant, with the primary objective of setting and executing the integration of security into the Product Development Lifecycle (PDLC) of decentralized product teams developing IoT and digital product systems. This will include firmware (for a broad range of internet-connected devices such as drones, RFID sensors, IoT tools, etc…), mobile applications, REST API integrations, and web portals running on either cloud or on-prem infrastructure. In this role, the successful candidate will build the tool suite and integrate product development touchpoints to ensure secure development (teaching product teams to fish, but also supplying tools for re-use across product teams to enable real-time self-testing in the PDLC), and consult on the risk levels of vulnerabilities to help product teams prioritize their corrective actions per the product vulnerability management standards. In addition, during incident response, the Digital Product Software Security Specialist may be asked to contribute to forensic digital evidence gathering and/or act as technical response lead.
- Strong consulting skills with an ability to communicate with multiple departments and levels of management to resolve technical and procedural security risks.
- Ability to clearly communicate and report detailed status to senior management and peers.
- Proactively engage various stakeholders in the business unit as appropriate to get their 'buy in' for security initiatives.
- Be successful at influencing changes without direct reporting line authority.
- Demonstrated experience with IoT and Digital Product enabling technologies, including but not limited to:
  - Constrained RESTful environments
  - IPv6 over a network of resource-constrained nodes
  - Networking challenges over low-power WANs
  - Various IoT technical concepts such as JSON, OAuth, Zigbee, and MUD
  - Concise Binary Object Representation (CBOR) Object Signing and Encryption
  - Cloud infrastructure
- Plan, develop, implement and maintain overall product development security strategy integrating into the diverse structure of Product Development Lifecycle methodologies across the company.
- Act as a focal point for vendors and as adoption coordinator with decentralized product teams for application security scanning technologies.
- Assist instrumentation of various product development environments with SAST, DAST, SBOM and other security tooling
- Create procedures and customized configurations appropriate for the desired performance and accuracy of toolset - minimizing false positive reports to engineering
- Evaluate engineering plans and designs to provide feedback related to secure design principles and implementation
- Review code in order to improve software security
- Threat modeling and assessment of products from design to delivery
- Support a culture of engineering the right level of security into products
- Stay abreast of new tools and techniques in software/device security and champion introduction of new approaches
- Work with product teams to interpret results and develop remediation strategies
- Assess and report on the security posture of products within your domain area, and in coordination with other DPST programs to create a comprehensive view
- Automate routine security tasks
- Monitor for zero-day vulnerabilities in deployed third party products and assist in managing the effort to determine exposure globally
- Champion and manage the Responsible Disclosure program and ensure timely responses and remediation plans are made
- Mentor and educate engineering teams on secure development, processes, and approaches
- Perform Security Reviews to assess security best practices are adopted for products
- Provide technical mentorship as needed to up-level the view into the on-going hardening footprint of IoT and Digital Product systems (including all device, web, and mobile components).
- As part of a team of diverse experts, collaborate to drive a common methodology to support consistencies across de-centralized teams.
- May be required to act as a team lead during key initiatives or within domain expertise on day to day operational responsibilities, taking the lead role, and assigning/delegating tasks that will support the success for the initiative or capability.
- Mentor junior staff members as well as non-security personnel across the business.
- Individual should have a thorough understanding of cyber security best practices and the ability to effectively apply those practices.
- SAST, DAST, SBOM and other security tooling
- Applied Threat Modeling methodologies
- Variety of coding languages and applications in support of the various stack layers of IoT technologies
- Other duties as required.
- The successful candidate should have 6+ years' experience in cyber security or technology, with at least 3 of those in a role performing hands-on penetration testing.
- Exceptional verbal, written and presentation skills are required.
- Ability to manage relationships with senior executives.
- Ability to create technical plans across engineering organizations.
- Self-starter with the demonstrated ability to drive engagement and cooperation across de-centralized teams.
- A sense of urgency.
- Ability to prioritize.
- Ability to balance conflicting priorities.
- Ability to articulate technical topics to non-technical personnel.
- Professional designations, such as CISSP or other technical certifications, are preferred.
- A Bachelor's Degree in Computer Science, Engineering or a related discipline is required. A Master's Degree is desirable.
Requisition Number: 66674BR
Function: Information Systems
City: Atlanta
EEO Statement: All qualified applicants to Stanley Black & Decker are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran's status or any other protected characteristic.
Featured Category on SBD Careers: Data & Emerging Technology (IT, Data Science, Data Analysis)