We are looking for a DevSec Specialist to establish and drive a security-first culture in two embedded software development teams that are part of a global cluster responsible for digital elevator solutions. This role will be instrumental in integrating security into all stages of the development lifecycle, ensuring compliance with industry regulations, and implementing tools and best practices for secure development.

Key Responsibilities:

• Security Culture & Awareness: Lead the adoption of DevSec principles in the teams, fostering a culture where security is a shared responsibility.

• Secure Development Practices: Define and promote secure coding standards, threat modeling, and best practices for embedded systems security.

• Tooling & Automation: Identify, propose, and implement security tools (e.g., SAST, DAST, SCA, secrets management, CI/CD security integration) to support secure software development.

• Compliance & Regulatory Alignment: Ensure that development practices adhere to elevator industry regulations and global security standards.

• Vulnerability Management: Establish processes for identifying, assessing, and mitigating vulnerabilities in software components and third-party dependencies.

• Embedded Systems Security: Work with teams to implement secure boot, firmware signing, and other embedded security techniques to protect software integrity.

• Collaboration & Knowledge Sharing: Act as the security champion within the global development teams, providing guidance and training on security best practices.

• Security Assessments: Lead assessment processes with specialized security vendors and evaluate the adoption of new security tools to enhance development practices.

Qualifications: 

  Education:

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field.

Experience:

• 7+ years working as a software engineer for embedded systems, including SSDLC topics.
• Proven experience leading highly technical projects.

Skills:

• Strong knowledge of security best practices for embedded software development (C/C++, Linux, Yocto, RTOS, etc.).
• Experience with security tools such as static and dynamic analysis (SAST/DAST), software composition analysis (SCA), and vulnerability management.
• Understanding of cryptography, authentication mechanisms, and secure communication protocols (e.g., TLS, MQTT security).
• Knowledge of secure development frameworks (e.g., OWASP, NIST Secure Software Development Framework).
• Familiarity with compliance requirements for industrial and IoT security standards.
• Experience working in a global development environment, collaborating with distributed teams across different time zones.
• Strong communication and leadership skills to drive security awareness and training initiatives.
• Familiarity with industrialization processes, certification standards, and global deployment of connected devices.

Soft Skills:

• Strong leadership and decision-making abilities, with an emphasis on technology adoption and strategic vision.
• Highly collaborative with excellent organizational and interpersonal skills.
• Ability to work in a fast-paced, global environment, managing multiple priorities and adjusting to shifting requirements.

Language:

• Proficient English communication skills, both written and spoken.

Preferred Qualifications:

• Master’s degree in a relevant field (business, computer science, engineering, etc.)
• Experience working in a global environment with cross-functional teams.
• Experience in security for IoT or industrial systems.
• Hands-on experience with CI/CD security integration and DevOps security practices, preferably with Bamboo.
• Knowledge of container security (e.g., Docker, Kubernetes).
• Previous experience in a role focused on DevSecOps implementation.

TK Elevator is proud to be an equal opportunity workplace. We are committed to equal employment opportunities regardless of race, ethnicity, gender, religion, sexual orientation, disability status or age.