Senior Embedded Cybersecurity Engineer
LHP Engineering Solutions · Columbus, IN · 1 mo ago
On-siteInformation TechnologyFull-time
About the role
LHP Engineering Solutions seeks a Senior Embedded Cybersecurity Engineer to lead cybersecurity initiatives for connected, firmware-based products in Columbus, IN. The role involves working closely with various teams to ensure secure product development and operations.
Responsibilities
- Serve as the cybersecurity subject-matter expert in new product development (NPD) firmware activities and cross-functional project meetings.
- Provide cybersecurity and IT operational guidance to firmware, platform, and IT teams on secure design, coding, configuration management, and deployment practices.
- Manage cybersecurity aspects of Azure build/CI/CD pipelines, including Azure DevOps (ADO), Azure Key Vaults, and key/certificate lifecycle management.
- Lead and document cybersecurity risk assessments for critical assets (embedded devices, cloud services, mobile applications, manufacturing systems, and supporting IT infrastructure).
- Perform cybersecurity assessments (Ex: RED EN-18031 and CRA assessments) on targeted products and coordinate remediation with engineering teams.
- Develop, implement, and maintain cybersecurity policies and processes for IoT products across development, production, manufacturing, operations, and post-deployment support.
- Create and maintain cybersecurity work products and evidence to support ISO 27001 certification and other relevant standards.
- Review, triage, and drive closure of Azure ADO tickets related to cybersecurity implementation and vulnerabilities.
- Coordinate and provide technical guidance for penetration testing of embedded devices, mobile applications, and cloud services; review findings and drive remediation plans.
- Maintain awareness of industry trends, standards, and regulations related to embedded/IoT cybersecurity and provide recommendations to improve architectures, controls, and processes.
Requirements
- B.S. or M.S. in Electrical Engineering, Computer Engineering, Computer Science, Cybersecurity, or a related field.
- 5+ years of experience in embedded, IoT, or OT cybersecurity, including hands-on work with firmware-based products.
- Demonstrated experience with Azure DevOps (ADO) pipelines and Azure Key Vault (or similar CI/CD and secret-management platforms), including key and certificate lifecycle management.
- Strong background in cybersecurity risk assessment and management (e.g., threat modeling, risk analysis methods) and familiarity with ISO 27001 and at least one of ISO 21434 or IEC 62443.
- Solid understanding of embedded hardware/software interactions, secure boot concepts, and common attack vectors against embedded and IoT devices.
- Experience with communication protocols used in automotive, material handling, or industrial systems (Ex: CAN, LIN, Ethernet/TCP/IP, industrial fieldbuses).
- Proven ability to collaborate with multi-disciplinary teams (firmware, IT, DevOps, manufacturing, suppliers, and leadership) and communicate complex cybersecurity topics clearly to non-experts.
- Strong documentation, ticketing, and organizational skills.
Desirable Competencies And Experience
- Experience performing or leading assessments against RED EN-18031 and/or EU Cyber Resilience Act requirements.
- Prior experience supporting ISO 27001 certification efforts, including creation of policies, procedures, and audit evidence.
- Experience coordinating third-party penetration tests and managing remediation programs.
- Knowledge of hardware security modules (HSMs), secure elements, and secure boot implementations for embedded devices.
- Familiarity with automotive/industrial safety and quality standards (Ex: ISO 26262, ASPICE) and their relationship to cybersecurity.
- Professional certifications such as CISSP, CSSLP, CEH, or comparable credentials.