We are a young software company that offers a cybersecurity product with a mission to make secure design a de facto practice for all software applications.
Our automated threat modeling product makes the process of secure design fast, easy, and accessible to non-security experts.
Threat modeling as a practice is maturing, for example through the recent inclusion of Insecure Design in the OWASP Top 10, and Gartner puts the market at 2-5 years from the mainstream.
Building on this and following a successful Series A funding round in late 2020, IriusRisk has grown significantly over the past two years.
And it continues to grow. With a remote-first and inclusive culture, we can hire some of the best talent in Europe and the Americas.
Our IriusRisk Technical Advisory Board is made up of key industry leaders and helps to inform the development of our platform, addressing the software security challenges that our customers face.
Those customers include household names in the financial services and technology industries, and our customer base and verticals continue to expand - from cryptocurrency to medical devices and IoT.
About the role
We're looking for a Security Researcher, Application Security Engineer, Security Architect, or Threat Modeler who understands device security as well as how to design and build secure software, and who is technically minded, to support our Centre of Excellence.
Our Centre of Excellence is primarily focused on embedded, medical, industrial, and IoT device security.
The main objectives of the role are to:
Research, create, and update threat models for key architectures related to embedded, IoT, and Medical devices in modern infrastructures, e.g. hospitals, industrial plants, manufacturing facilities, etc.
Become an expert in our threat modeling platform, which uses the Drools rules engine to control many of the automation features.
Write technical support articles and create videos describing features of our product and how to use those features in live environments
Provide some marketing support by creating blog posts on Threat Modeling and security at design time
Provide feedback to our engineering team on the product design and feature set.
Key duties and responsibilities include:
Researching new technology areas to define threat modeling risk patterns that apply to them. Your research should be based on industry standards where possible such as OWASP, CIS, NIST, IEC, etc.
Create small scripts and automation to help speed up your work and to assist the pre and post-sales teams. For example, sometimes customers need a quick script to access our API and retrieve data.
Research the latest embedded device, IoT, and medical security controls for content creation
Build a knowledge base of Components and Rules for actual attack surfaces and scenarios.
Create material (webinars, posters, presentations, articles) to be used for marketing and information purposes
Collaborate with the marketing team and the community manager to champion Device Security
Occasionally work with the Sales team on prospect calls and demos
Prepare and provide specific content for new libraries with a focus on IoT, Industrial Security, and Medical devices.
Create extensive threat models from existing solutions and architecture
Collaborate with external organizations to provide security research - e.g. IEC / ISA, CSA, SANS, CIS.
Attend dedicated security conferences related to embedded devices.
The role is 100% remote, but the candidate must be resident in Spain or the UK for tax purposes.
2+ years' experience working in a Cyber Security research role. (Experience in Threat Modeling, or application or device security, is a strong advantage.)
Excellent written technical English
Demonstrated experience working independently with minimal supervision
A passion for learning new technologies, particularly in the field of Embedded Devices, IoT, or Medical
MSc in Cybersecurity or closely related technical subject or equivalent certification (CCSA, CISSP, etc.) + research experience.
Nice to have
Experience in development, architecture, or technical operations teams is a strong advantage
Experience in Industrial security, NIST 800-82, 62443 3-3, etc
Experience in IoT or embedded device security 62443 4-2
Interest in software development
Familiarity with modern development tools like Jira, git, bitbucket, etc.
Not a requirement but a plus: certificate of disability equal to or greater than 33%.