Cyber Security Systems Lead

Schneider Electric USA, Inc. seeks a Cyber Security Systems Lead in Cedar Rapids, IA.

Scale cybersecurity and product security requirements throughout our team’s product portfolio. Independently investigate firmware, software, and hardware designs to identify and address potential cybersecurity vulnerabilities throughout the system development lifecycle. Perform analysis at all levels of the total system product including concept, design, manufacturing, implementation, test, installation, operation, maintenance, and disposal. Create and translate technical requirements into product requirements, generate design outputs to meet product requirements.

Assist in development of security processes and automated tooling that prevent classes of security issues. Conduct security assessments using penetration testing tools such as Burp Suite, Nmap, Wireshark, and Nessus to identify vulnerabilities in firmware, software, hardware, and network components. Solve complex sanitization and asset integration issues, working with system and software leads to meet system requirements. Identify project risks and opportunities and be able to contribute to the mitigations and commercial implications.

Prepare and approve system documentation, including functional specifications, test documents and system support manuals. Ensure the Project Manager/Engineering Team Leader are kept informed of progress and issues for all engineering aspects of the project delivery. Provide support to the CE team to assist with the timely resolution of customer issues. Remote eligible up to 2 days/wk.

• Bachelor’s or Master’s degree in Electrical/Electronic Engineering, Computer Science, or related field; progressive post‑bachelor’s experience (5 years with a Bachelor’s or 3 years with a Master’s) in Firmware Design Engineering for cybersecurity, energy management, renewable energy, residential and smart homes, or solar power sector.
• Experience developing advanced security features:
  Secure Boot, PKI integration, HTTPS/FTPS, device authenticity, firmware signing, secure storage, cryptography, and Privacy by Design.
• Experience designing embedded communication protocols (CAN, I2C, SPI, UART), industrial protocols (Modbus, BACnet, TCP), and wireless protocols (Zigbee, Bluetooth, Wi‑Fi).
• Experience assessing vulnerabilities and performing penetration testing with Burp Suite, Nmap, Wireshark, Nessus, SQLmap, and Defensics.
• Experience implementing security throughout the SDLC, including threat modeling, risk assessment, and using cybersecurity standards and compliance frameworks (IEC 62443, NIST, ISO 27001, GDPR, or CRA).
• Experience using security testing tools such as Coverity, Klocwork, or BDBA.
• Experience applying IEC 62443 cyber‑automation and process‑control standards to assess vulnerabilities and define customer needs.
• Experience evaluating, integrating, and managing free and open‑source software components, vulnerability management, and alignment with organizational cybersecurity policies.
• Experience designing and analyzing system behavior and structure using MBSE tools and methodologies (Cameo, MATLAB).
• Experience developing with Agile design process (Scrum) and programming languages (C, C++, Python, or embedded
  
  C) for software or control of embedded systems.

Schneider Electric is an Equal Opportunity Employer. It is our policy to provide equal employment and advancement opportunities in recruiting, hiring, training, transfer, and promotion for all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic.