At Barco IX (Immersive Experiences business unit) we have a heart for technology and a spirit for creativity. We immerse our audiences in experiences they will never forget. The markets for our technologies range from live events through theme parks and museums to flight simulators. Our IX R&D organization focusses on developing projection and image processing products to make these immersive experiences come to life for our customers all over the world. From inspiring people at the Ghent Light Festival, through bringing digital art to galleries and museums worldwide, to providing visuals on the world’s leading concert stages, your work will make it happen!
The function
Barco is looking for a Lead Product Security Engineer for the Immersive Experiences Business unit.
The “Product Security Engineer” (PSE) is part of the “First Line of Barco Cyber Defense” within the Business Unit and manages technical aspects of product related security & privacy risks, aligned with the corporate strategy managed by the Security Office (second line of defense). The PSE reports to R&D management.
The Product Security Engineer is responsible for information security and privacy aspects for products within his/her Business Unit on a technical level. The PSE is the first point of contact for all technical security questions from stakeholder functions like R&D. The PSE is responsible for leading and guiding implementation of product technical security & privacy controls, for overseeing and guaranteeing adoption of the secure software development lifecycle process, and for compliance with applicable regulations, and informs the management and Security Office about the progress on these domains.
You will be located in Kortrijk, Belgium and interface with an international group of developers based in Belgium, Norway, China and India.
Key Responsibilities
Engineering:
- Set up and maintain a cyber security roadmap together with the Product Owner
- Rationalize the need for technical security controls to engineering teams and system architects
- Provide security insights and guidance to R&D at both an architectural level and a highly technical level
- Own and maintain technical and process security controls in the design and development phases, e.g.:
  - Threat modeling
  - Security features refinement
  - Code review process
  - Application security testing (SAST, DAST, …)
  - Vulnerability management (e.g. of open source packages)
  - Vulnerability scanning (tooling and configuration)
Ecosystem:
- Organize, follow up and provide support during product penetration tests executed by external partners
- Take ownership of incident response management and vulnerability disclosure processes
- Take ownership of ISO 27001 ISMS/audit subjects related to product development
- Create security whitepapers for the different product lines
- Be the key contact point for security/privacy related topics during the pre-sales phase
- Stay up to date with the latest security/privacy technologies, trends and regulations and translate their impact to the business stakeholders
- Inform BU management and Security Office about the state of security per product
Your profile
Education:
- Master's degree in IT or information security, or equivalent by experience
- Preferably holder of certifications like GIAC, CISSP, CISM, …
Experience:
- At least 5 years of experience in information security management with a software development or software testing background
- Experience with agile development process across international teams
- Proven experience with leading a heterogeneous group of stakeholders through threat modeling, utilizing STRIDE or other frameworks
- Experience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM)
Technical knowledge and competencies:
- Solid understanding of security protocols, security attack pathologies, cryptography, authentication, authorization and best practices
- Excellent knowledge of the Common Vulnerability Scoring System (CVSS) and its application
- Familiar with ISO 2700x frameworks and risk assessment/treatment
- Familiar with OWASP projects (Top 10, ASVS, SAMM, …)
- Knowledge of embedded devices is a plus
- Working knowledge of Python, C++ and JavaScript (Rust is a bonus)
Soft Competencies:
- Highly motivated individual with a genuine enthusiasm for information security and technology
- Eager to stay up to date with the latest technologies
- Customer-centric mindset
- Good verbal and written communication skills in English
- Good presentation, facilitation, and interaction skills, including the ability to effectively communicate risks, issues and concepts to multiple organization levels
- Ability to prioritize workloads and to know when to seek guidance
Our offer:
You will work in an open and international culture.
In this stimulating and challenging environment, we offer you competitive compensation and benefits, including:
- A competitive salary package
- A company car
- Bonus system
- Group insurance
- Health insurance
- Meal vouchers
- Hybrid working culture
- 20 legal holidays + 12 compensation days (pro rata)
- Continuous learning opportunities
- A modern and state-of-the-art working environment