Cybersecurity Lead - Product Security (Network Hardware & OS)

About The Position

Requirements

• Threat Modeling: Mastery of threat modeling methodologies (STRIDE, PASTA) to identify design flaws early in the development cycle.
• Hardening: Expert knowledge of OS hardening standards (CIS Benchmarks, NIST) and how to apply them to custom hardware platforms.
• Cryptography: Solid understanding of applied cryptography (PKI, TLS, AES, secure boot chains).Zero Trust: Ability to translate "Zero Trust" concepts 22 into concrete product features (e.g., API security, mutual TLS).
• Innovator: A proactive problem-solver who can balance security requirements with product performance and time-to-market constraints.
• Technical Authority: Capable of earning the respect of hardware engineers and kernel developers through deep technical competence.
• Detail-Oriented: Rigorous in validating that "Secure by Design" is not just a slogan, but a documented and tested reality.
• Product Security: 8–10 years of experience in product security, specifically focusing on network hardware (switches, routers, gateways) or embedded systems.
• Software Development: Strong background in C/C++, Go, or Python, with experience developing or securing Network Operating Systems (e.g., SONiC, Linux-based embedded OS).
• Network Architecture: Deep expertise in network protocols (L2/L3, TCP/IP, VLANs, VXLAN) and network security technologies (Firewalls, ACLs, 802.1X).AppSec Tooling: Proven experience implementing SAST/DAST pipelines (e.g., Snyk, Coverity, Burp Suite) and managing vulnerability disclosure programs.
• Education: Bachelor’s degree in IT, Networking, or a related field (equivalent experience accepted).
• General: CompTIA Security+ or Cisco CCNP Security.

Nice To Haves

• Checkpoint: CCSE (highly preferred)

Responsibilities

• Lead the integration of security gates into the product development lifecycle for network hardware and OS software.
• Enforce the standardized SDLC policy and ensure threat modeling (using frameworks like STRIDE or PASTA) is conducted during the design phase of every new product release.
• Direct the security hardening of the network operating system.
• Define and enforce baseline configurations to ensure the OS is resistant to tampering, implementing controls such as secure boot, kernel hardening, and restricted shell access.
• Orchestrate the "Standardizing Dynamic Testing and Vulnerability Management" initiative for product software.
• Oversee the implementation of Static Application Security Testing (SAST) using tools like Snyk in the CI/CD pipeline and establish a Dynamic Application Security Testing (DAST) framework to identify runtime vulnerabilities.
• Architect product features that support Zero Trust environments.
• Ensure network products support granular micro-segmentation capabilities 12and robust identity integration, moving away from local authentication to centralized, MFA-ready administrative access.
• Manage the product vulnerability lifecycle.
• Establish Service Level Agreements (SLAs) for remediating findings identified during penetration testing and DAST scans, ensuring no critical vulnerabilities ship to production.
• Ensure all product cryptographic implementations align with the "IT Encryption & Cryptography Policy", mandating AES-256 standards.
• Validate the security of implemented network protocols (BGP, OSPF, SSH, TLS) against industry best practices.