Emerson - Cyber Security Engineer - SAST/DAST

Job Description :

In This Role, Your Responsibilities Will Be :

- Analysis of UML diagrams and DFDs/Threat Models for security flaws and detailing specific recommendations in software and system setup to address them.

- Mentoring of developers on security topics and coding.

- Develop and deliver trainings to developers and management on security topics.

- Analyzing requirements and performing code review for security flaws.

- Establish direction for security requirements in our custom hardware and software.

- Collaborate with other internal security groups across multiple divisions, at different levels, and in multiple international locations, as well as 3rd parties.

- Continuous improvement of security processes via observation and measurement of project performance, and making updates to improve accuracy, reduce overhead, while maintaining compliance with IEC 62443 3-3 and 4-1 standards.

- Participate in audits for standards compliance.

For This Role, You Will Need :

- Bachelor's degree in Computer Science, Computer Engineering Or Master's degree in Computer Science, with a minimum of 6 years of relevant experience.

- Candidate must have hands-on, professional coding experience.

- .net, c#, vb.

- .net, Angular, React, Database: SQL Server, Mongo DB, Cosmos DB.

- Experience building Azure DevOps pipelines.

- Create and guide the creation of security documentation.

- Experience with design, develop and testing web-based applications (on-prem/cloud).

- Understanding of SDL/secure software development lifecycle practices.

- Practical experience in software and security design principles.

- Experience performing application-level threat modeling and code review.

- Excellent interpersonal skills.

- Excellent written and verbal communication skills.

- Ability to clearly communicate technical information to a wide range of audiences.

- Current knowledge of malware trends and current cybersecurity issues.

- Experience with PKI/Certificates, Cryptography.

Responsibilities :

- Partner with software engineering teams to embed cybersecurity principles into product design.

- Conduct threat modeling and support architectural risk assessments for applications.

- Define and document security requirements in alignment with ISA/IEC 62443-4-1 and 62443-3-3.

- Support the implementation and validation of security controls across the SDLC.

- Guide teams in adopting secure coding practices, security testing, and supply chain security.

- Review design documents, code, and infrastructure-as-code for potential security risks.

- Collaborate with QA and DevOps to ensure security test coverage (e.g., SAST, DAST, dependency scanning).

Required Qualifications :

- Strong understanding of web application security principles and common vulnerabilities (OWASP Top 10).

- Experience conducting threat modeling using the STRIDE framework.

- Familiarity with secure SDLC practices and security engineering within Agile teams.

- Working knowledge of ISA/IEC 62443-4-1 (secure development lifecycle) and 62443-3-3 (system security requirements).

- Ability to communicate security risks and mitigation strategies to technical and non-technical audiences.

Preferred Qualifications :

- Experience with DevSecOps practices and integrating security tools into CI/CD pipelines.

- Hands-on experience with tools like Burp Suite, Black Duck, Coverity, Bright, Nessus, Aqua, WIZ or similar.

- Familiarity with cloud-native application security (Azure).

- Knowledge of FSA (SSA-311): System Security Assurance Functional security assessment for systems.