Overview
The Senior IoT Security Architect develops IoT security solutions for the Advanced Product and Solutions (APS) organization within Bell Business Markets. This involves compiling and understanding the overall security requirements, interfacing with various internal and external stakeholders for the development of the end-to-end solutions (HW, SW and services), integrating IoT, 5G, MEC, Cloud, and Private Mobile Network products.
 

The Senior IoT Security Architect works closely with the APS Incubation and Product teams, providing technical thought leadership and acting as Subject Matter Expert, to support the design and development of innovative solutions in select industry verticals. The position also interfaces with customers in co-development engagements, leveraging Design Thinking methodologies for problem identification and solution ideation.
 

Job Duties / Accountabilities:

• Oversee IoT security for end to end solutions in the APS portfolio 
• SME for IoT security matters, supporting APS Incubation and Solution Portfolio teams
• Work with a multidisciplinary team encompassing APS, Network, IT, Sales, Operations, Delivery, Project Management, Finance, Legal, 3rd Party Vendors and other subject matter experts as required to design innovative applications.
• Evaluate and recommend IoT security solutions providers, to support build/buy/partner decisions.
• Work with Software development teams and Bell Corporate Security to set up security controls measures at every stage of the IoT development cycle.
• Participate in co-development and incubation with customers, analyse application security requirements, identify and remediate risks.
• Provide material for customer presentations (e.g. white boarding/design sessions), for technical and non-technical audiences (including customer C-level) 
• Support sales enablement programs, providing content for training and knowledge transfer.

Preferred Qualifications/Competencies:

• 5+ years of experience in a significant application security role or a consulting background in IT security strategy for large-scale enterprises and in the context of large-scale systems. 
• IoT Security expertise, including but not limited to:
  • IoT devices fingerprinting and Identification based on TCP/IP networking behavior
  • Expert knowledge of OWASP Top 10 and CWE Top 25 vulnerabilities in IoT devices for vulnerability assessment and risk mitigation.
  • Expert knowledge of IoT Application Security areas: Authentication, Authorization, Encryption, Logging and Testing
  • Good Knowledge of Cryptography, database encryption and cloud encryption
  • Up to date knowledge of common threats, attacks and penetration techniques, as it pertains to IoT applications
  • Experience with DevSecOps within cloud applications.
  • Enhanced managed detection and response 
  • Security governance, compliance, and audit 
  • Network/System Intrusion Detection or Prevention Systems
  • Good knowledge of IP networking and Internet technologies: TCP/IP, DNS, HTTP, Radius, SIP, Ethernet technologies, EIGRP, BGP, MPLS protocols
  • Industry security standards  (ISO 27001/ISO 27002, NIST) and regulations (PIPEDA, GDPR)
  • Security architecture practices, processes, frameworks (SABSA, TOGAF, NIST) 

• Experience in Agile SDLC
• Good knowledge of Threat Modeling, Architectural Risk Analysis or alternative  security risk assessment methods
• Ideally hold one or more security industry certifications such as:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Application Security Engineer (CASE)
  • Certified Kubernetes Security Specialist – CKS
  • CompTIA Security+
  • AWS Certified Security Specialty
  • Azure Security Engineer Associate 
  • Google Professional Cloud Security Engineer
• Analytical skills to identify gaps and deficiencies in the development of the solutions. 
• Negotiation and problem solving skills to work with multiple stakeholders and resolve conflicting priorities, and ensure successful delivery of solutions.
• Leadership and collaborative skills to work with all levels of the organization 
• Solid vendor relationship management experience in order to maintain state-of-the-art knowledge in emerging technologies and to involve as required 3rd party vendors in solution development. 
• Excellent verbal communication skills to present complex information to a variety of audiences. Excellent writing skills to present complex concepts in a clear and concise manner. 

#LI-PG

#talent