IT Product Owner - Cyber Security Testing (Red/Purple Team)
What's the role?
You will be part of the Global Cyber Risk, Control & Assurance team and will take end-to-end ownership of all aspects of cybersecurity testing at Hilti. As a product owner you will provide thought leadership to infrastructure teams, application teams, the security champions community and also to external providers. This is a very versatile and important role in IT, in cybersecurity and beyond, as we follow the credo of “testing, testing, testing”.
Who is Hilti?
If you’re new to the industry, you might not have heard of us. We provide leading-edge tools, technologies, software, and services for the global construction sector. We have a proud heritage, built over more than 75 years, and a worldwide reputation for pioneering products and exceptional service. With some 30,000 people in more than 125 countries, which we are looking to expand, we’re a great place for you to show us your worth, step up to new challenges and grow your career.
Global IT within Hilti is a truly global team with main hubs in Buchs (Switzerland), Kuala Lumpur (Malaysia) and Plano/Tulsa (USA). All locations have highly competent teams who work very closely together. Hilti's Global IT team is known for its focus on sustainable value creation by translating the latest IT innovations into value-creating solutions & services, and this is also the home of the Chief Cyber Security Officer Organisation.
What does the role involve?
- You will budget, plan and deliver application/platform penetration tests (SAST), technical vulnerability assessments (network, infrastructure, cloud, OT, ICS, IIoT, IoT), code security reviews, mobile application security reviews, software composition analysis (SCA) and web application scanning (DAST) across all IT locations on a global scale.
- You will coordinate red/purple teaming assessments and attack simulation in close alignment with the Head of SOC and the Blue Team Leader and other internal customers.
- You will build up and orchestrate the bug bounty program of Hilti.
- You will facilitate the annual testing program, define service levels, manage third parties, ensure that actionable reporting is available, and make sure that necessary remediation is planned for and executed in a timely manner.
- You will define and formalize “security as code” practices.
- You will functionally lead and develop the Penetration Tester in the team who will also be your deputy.
- Together with the SW security community manager, you will help to educate the SW developer community (internal and external).
- Together with the PO Training and Awareness you will define content and format for target-audience specific training.
- Together with the PO IT Risk Management, you will define key controls applicable for cybersecurity testing for all Hilti IT units and external suppliers.
What do we offer?
We’ll give you the tools you need to excel in your role. You’ll enjoy a rare combination of autonomy and collaboration across teams, as you’ll manage your own agenda while being part of a friendly and outgoing team. We’ll trust you to do whatever it takes to deliver outstanding results. Go the extra mile and we’ll reward you with strategic development discussions and career opportunities.
Why should you apply?
We strongly believe that cybersecurity is a business enabler and that there is no digital transformation without secure code. We are aware that most cyber-attacks originate from the exploitation of known SW bugs that should never have been put into production in the first place, and we want to change that. We work in classical IT environments but also in IoT and OT environments where we anticipate a lot of technological progress and capability building in the future. We offer generous training and education possibilities and access to a worldwide network of technology specialists.
What you need is:
- Master’s degree in computer science, SW development, cybersecurity or a related technical discipline related to information security
- 5+ years’ experience working in SW development, cybersecurity or related fields
- Proven subject matter expertise in multiple fields of cybersecurity testing & assurance, e.g. SecDevOps, ethical hacking, exploit research, penetration testing and/or application security
- Passion for exploring uncharted territory and curiosity to try out new things in cybersecurity
- Excellent interpersonal and communication skills
- Knowledge of relevant frameworks (OWASP, OSSTMM, ISO 12207, ISO 24748, NIST) and best practices (DevSecOps, SSDLC, Agile)
- Fluent in English (spoken and written)
- One or more of the following: CISSP, GPEN, GWAPT, GCPN or another relevant certification
- Strong “Can-Do” Attitude
- Comfortable leading virtual teams and other SMEs on a “dotted-line” basis
- Aptitude for focusing on the solution and not on the problem
- A thirst to learn and challenge yourself
- Strong ownership in everything you do
- Previous working experience in the manufacturing industry
- Track record in planning and delivering small to medium scale IT projects
Interested in the role?
Click through the 'Apply Now' button where you will be asked to upload your CV and answer a couple of short questions – the whole process should take around 90 seconds. If we like what we see, you'll be invited to a telephone interview.
If we don't have a suitable role for you at the moment, we will keep you in our talent pool for the future, so your recruitment process might take a bit longer, but we'll be sure to stay in touch.
Looking forward to hearing from you!