Application/Product Security EngineerAt ABB, we are dedicated to addressing global challenges. Our core values: care, courage, curiosity, and collaboration - combined with a focus on diversity, inclusion, and equal opportunities - are key drivers in our aim to empower everyone to create sustainable solutions.Write the next chapter of your ABB story.
This position reports to

R&D Unit Lead

Your role and responsibilities

• Security Architecture: Design and implement security architecture and controls for new and existing products.• Secure Coding Practices: Educate and advocate for secure coding practices among development teams through workshops, training sessions, and documentation.• Code Review: Review source code for security vulnerabilities and provide actionable feedback to development teams.• Security Assessments: Conduct regular security assessments, including threat modeling, Attack Surface Analysis, Critical Analysis.• Tool Implementation: Evaluate and implement application security tools (e.g., static and dynamic analysis tools) to automate security testing processes.• Incident Response: Assist in incident response activities related to application security breaches, including root cause analysis and remediation strategies.• Collaboration: Work closely with cross-functional teams, including software developers, DevOps, and IT security, to ensure security considerations are integrated into the development process.• Monitoring and Reporting: Monitor application security metrics and provide regular reports to management on security posture and compliance.

Qualifications for the role

Understanding of programming languages such as C#, Rust, Python, or JavaScript.Proficient knowledge of application security principles and best practices related to secure coding.Thorough understanding of application security principles like network security, encryption, access management and their best practices.Experience with security tools and processes such as SAST, DAST, SCA, and vulnerability scanners (e.g., SonarQube, OWASP ZAP, Nessus, Invicti)Knowledge of security frameworks (e.g., OWASP Top Ten, NIST, IEC 62443, ISO 27001).Knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud) and their security features.Practical Experience with containerization and orchestration tools such as Docker and KubernetesCertifications: Relevant certifications include Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP).Proficient in verbal and written communication, capable of explaining complex security topics in an accessible manner to those unfamiliar with the technical details.

More about us

ABB a provides a comprehensive range of integrated automation, electrical and digital systems and services for customers in the process, hybrid and maritime industries. These offerings, coupled with deep domain knowledge in each end market, help to optimize productivity, energy efficiency, sustainability and safety of industrial processes and operations.We value people from different backgrounds. Apply today for your next career step within ABB and visit www.abb.com to learn about the impact of our solutions across the globe. #MyABBStory