Security AnalystNovi, Michigan Job ID: 120585
A Career at HARMAN
As a technology leader that is rapidly on the move, HARMAN is filled with people who are focused on making life better. Innovation, inclusivity and teamwork are a part of our DNA. When you add that to the challenges we take on and solve together, you’ll discover that at HARMAN you can grow, make a difference and be proud of the work you do every day.
What You Will Do :
The Automotive Product Security team is responsible for securing Harman’s automotive products through prevention, detection, and response. The Security Analyst will be part of this team focusing primarily on the latter two goals. The Security Analyst will be expected to actively review and triage recent security news and advisories. The Security Analyst will also be a key player in responding to new vulnerabilities or incidents by writing disclosures and helping cross-functional teams understand and act appropriately.
The Security Analyst will not have direct reports. The security analyst will primarily work with the vulnerability management and incident response technical leads.
- Threat Intelligence:
- Actively watch vulnerability feeds, news, and Auto-ISAC reports for potentially relevant data.
- Monitor Vulnerability Disclosure Program (VDP), working with external researchers and other divisions within HARMAN.
- Create and manage internal tickets to track this and capture relevant metrics. (e.g. time to resolution, time to first response, time to customer notification).
- Participate in industry information sharing organizations (e.g. the Auto-ISAC).
- Vulnerability Management:
- Author disclosure documentation to summarize new vulnerabilities and share appropriately with affected teams.
- Work with product delivery teams to guide them through a security risk assessment and remediation.
- Track progress of program teams on remediation efforts.
- Prepare escalation to executive management teams
- Review data generated by automated vulnerability scanners to determine applicability and impact. Log all true positives.
- Incident Response:
- Act as liaison between external security researchers and Harman security engineers.
- Assist Harman product teams in executing “incident response playbooks” when needed.
- Assist/coordinate proof-of-concept exploits when needed.
- Maintain and improve the incident response process for HARMAN product security.
What You Need:
- The Ideal Candidate will have:
- Demonstrated skills expected of college graduates in STEM majors.
- Engineering or STEM degree is not a requirement; however you must be able to actively demonstrate skills commonly associated with one: e.g. critical and analytical thinking, decomposition and abstraction ability, strong communication.
- Demonstrated security ability such as technical write ups, participation in “capture the flag” events, security-related programming projects.
- A passion for (and ideally experience in) embedded product security.
- Very strong communication ability (verbally and written) to a range of audiences from developer to executive management.
- Experience with programming (a plus).
- Experience with the automotive industry (a plus).
- Experience with JIRA or other bug tracker (a plus).
- Experience with version control (e.g. git) (a plus).
- Eligibility Requirements:
- Willingness to travel domestically (~5% of the time)
- Office location - Novi, MI
- Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen
HARMAN is an Equal Opportunity /Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or Protected Veterans status. HARMAN offers a great work environment, challenging career opportunities, professional training and competitive compensation. (www.harman.com)