Job Description

About BarcoBarco designs technology to enable bright outcomes around the world. Seeing beyond the image, we develop visualization and collaboration solutions to help you work together, share insights, and wow audiences. Our focus is on three core markets: Enterprise (from meeting and control rooms to corporate spaces), Healthcare (from the radiology department to the operating room), and Entertainment (from movie theaters to live events and attractions). We have a team of 3,600 employees, located in 90 countries, whose passion for technology is captured in 400 granted patents. As part of BCR Software Development group at Barco our vision is to be a world class software team partnering with our businesses to offer successful software solutions and outcomes that delight our customers and set the trend in our dynamic markets.BCR (Barco Control Rooms)The Barco Control Rooms business unit is making workflow and visualization solutions for the Control Room market since 1994 to help operators collect, visualize and share critical information for optimal mission-critical decision making. Today, we are still the number one choice for control room professionals who want to stay on top of their situational awareness with 12000+ installations for critical infrastructure and critical operations.Barco CTRL is our latest flagship software product. It is a simple, scalable and secure platform, that gives an operator full control over the information flow in an easy and intuitive way for faster and efficient decision making.About the RoleLead and mentor the group of R&D Security Champions and take ownership of the groups\' meetings and activitiesProvide security insights and feedback to R&D at highly technical level (e.g. during code reviews)Lead R&D teams during threat modeling exercises and security risk analyses during design/development phasesChallenge R&D teams and system architects about the why and how technical security controls should be integratedDesign and document technical security controls in different product linesOwn and maintain process security controls in the design and development phases, e.g:Threat modelingCode review processApplication security testing (SAST, DAST, \xe2\x80\xa6)Vulnerability management (e.g. of open source packages)Vulnerability scanning (tooling and configuration)Provide security support during product penetration tests executed by external partnersTake ownership of incident response management and vulnerability disclosure processesTake ownership for ISO 27001 ISMS/audit product development related subjectsContribute to the creation of security whitepapers of the different product linesKey contact point for security/privacy related topics during pre-sales phaseStay up to date with latest security/privacy technologies, trends and regulationsInform Security Office about the state of security per productQualifications and ExperienceEducation:Bachelor\'s/Master\'s degree in IT or information security, or equivalent by experience.Experience:At least 5 years of experience in information security management with a software development or software testing backgroundExperience with agile development process across international teamsFamiliar with ISO 2700x frameworks and risk assessment/treatmentKnowledge of third-party auditing and risk assessment methodologiesFamiliar with security attack pathologiesCompetencies:Solid understanding of security protocols, cryptography, authentication, authorization and best practicesProven experience with leading and guiding a group of stakeholders from different functions through threat modeling, utilizing STRIDE or other frameworksExcellent knowledge of the Common Vulnerability Scoring System (CVSS) and its application during technical vulnerability assessmentExperience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM)Ability to explain security concepts and security processes to technical stakeholders such as R&D Software EngineersVery broad technical knowledge: from embedded devices to containerized deployments of services, from backend to frontendFamiliar with OWASP project (Top 10, ASVS, SAMM, \xe2\x80\xa6)Coding skills: C, C++, JavaScript (Rust & Go a bonus)Highly motivated individual with a genuine enthusiasm for information security and technologyEager to stay up to date with latest technologiesCustomer centric mindsetGood verbal, written, presentation, facilitation, and interaction skills, including ability to effectively communicate risks, issues and concepts to multiple organization levels and executive managementGood communication skills both verbal and written EnglishAbility to prioritize workloads and to know when to seek guidanceDifferentiating Criteria:Preferably holder of certifications like GIAC, CISSP, CISM, \xe2\x80\xa6Disclaimer:Barco is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulation

Barco