DevSecOps Engineer - AI Solutions
At Schneider Electric, we are committed to solving real-world problems to create a sustainable, digitized, new electric future. Artificial Intelligence has the potential to transform industries and help unlock efficiency and sustainability. Within our Global AI Hub we combine our long-standing manufacturing and domain expertise with cutting-edge innovation in AI, machine learning, and deep learning to empower smarter decision-making, agility, and decarbonization. At Schneider Electric, we are undergoing a transformative journey by leveraging Artificial Intelligence & Automation technologies to empower users with Machine Learning and Cognitive computing, driving business value. Simultaneously, as the number of cybersecurity threats continues to grow, we recognize the importance of having a comprehensive cybersecurity approach across our solutions to safeguard our business and customers. We seek a cybersecurity professional to join our AI Solutions Engineering team, developing and deploying secure AI solutions. You will also serve as the primary contact, assisting the features/apps teams in achieving cybersecurity compliance for their software component. To ensure a cohesive cybersecurity strategy implemented throughout our AI Hub, you will collaborate closely with the AI Digital Risk Leader. Please note that this role is not for cyber security testing. Experience in building secure applications and achieving secure hosting in the cloud is a must. Your Responsibilities : Developing Secure Solutions: design, develop, and implement secure cloud native software. Ensuring that they meet cybersecurity standards and best practices. This involves writing secure code, implementing encryption techniques, and integrating robust security measures. Conducting Vulnerability Assessments: perform regular vulnerability assessments and penetration testing to identify potential weaknesses or vulnerabilities in software applications and systems. This helps in proactively addressing security gaps and strengthening overall cybersecurity posture. Implementing Security Controls: implement and maintain security controls, such as access controls, authentication mechanisms, and intrusion detection systems. This involves configuring and managing security tools and technologies to detect and prevent cyber threats. Collaborating with Cross-functional Teams: work closely with other teams, such as software development, IT operations, and quality assurance, to ensure that security practices are integrated throughout the software development lifecycle. You will provide guidance and support to these teams to ensure cybersecurity compliance. Execute technical deep dives at a convenient time during the project to help the team to align to any required standards Maintain an understanding of the cybersecurity status of each project and support release FCSRs Report the status to the AI Digital Risk Leader. Stay Updated on latest cybersecurity threats, vulnerabilities, technologies, and industry best practices. Your profile : Master's or Bachelor’s degree in Computer Science, Computer Engineering or related technical discipline. 3+ years of development, process control or IT security experience with a proven ability to engage with management and product development teams. 3+ years of experience with IEC -4-1 Security Development Lifecycle (SDL) practices. Experience guiding and assisting organizations in implementing security product/system development practices. Strong analytical and problem-solving skills. CISSP or CSSLP certification preferred. Ability to align operational/information security policies with business requirements. Experience in securing cloud-native applications, specifically in AWS or Azure, is a must. Exposure to data / ML products would be a must. Business driven with attention to detail, ability to translate operational/information security requirements into security controls. Knowledge of security and privacy standards, regulations, and legislation. Experience in development & working with development teams to review designs, develop threat models, and ensure secure coding practices are followed. Demonstrated ability to develop threat models, analyze threats, and rate threat severity. Experience driving corporate programs using influence, negotiation, and persuasion soft skill set. Ability to effectively adapt to and apply rapidly changing technology to business needs. Knowledge of the Agile processes and workflows Clear communication in English – written and verbal – able to discuss with a wide range of different profiles/cultures/management levels. Team player able to find its place in our metrics organization and lead by influence. Tech-savvy Information Security Professional able to think beyond classic IaaS-based security paradigms: a large part of the IoT offers and platforms is PaaS- or SaaS-based (Azure/AWS) and involves IoT technologies, thus making classic IT perimetric security approaches inefficient. Autonomous and proactive Information Security professional able to propose and implement solution in our agile and fast-moving IoT environment. We know skills and competencies show up in many ways and can be based on your life experience. If you do not necessarily meet all the requirements that are listed, we still encourage you to apply. Our offer includes attractive remuneration and goes far beyond that. We offer competitive benefits, a work environment that encourages professional development, a qualitative onboarding and accompaniment throughout the different stages of your life (training, career opportunities, parenting, flexibility ...), in a great workplace.