Who We Are: Panasonic Avionics takes entertainment to new heights. We’re the world’s leading supplier of (IFEC) inflight entertainment and communications systems that allow airborne passengers to get their fix of live TV, movies, music, interactive games, maps, and much more! We make traveling on airplanes more exciting!
What We Value:
As an organization, we value people who are motivated and driven. We value a collaborative work environment that enhances careers and positively impacts society. We value our diverse work culture committed to delivering products and achieving high results. Seeing our products bring delight to others is just one way we measure success.
Why You Should Join:
A job is only part of what we offer. See how you can flourish in a career while getting the support and resources from some of the most talented people in the industry. You will work on technology that makes traveling the world that much better. Lastly, you will be rewarded with world class benefits and competitive wages. Come aboard, we’ve been expecting you!
We are currently working remotely until the end of 2021 and will offer a hybrid/remote work schedule once we return to our new offices in Irvine.
The Panasonic Cybersecurity Risk Management (“PCRM”) organization was created to strategically enable the business mission of enhancing the passenger experience, improving operational efficiencies, and generating business opportunities.
Our mission is to protect the Panasonic brand and reputation, digital processes and technologies, data and intellectual property, and the customer data under its custodianship.
The scope is global in nature and achieves its mission by developing and operating, programs to identify, prioritize, communicate, measure, and drive to closure, cybersecurity risk across the enterprise and its portfolio of NEXT generation solutions and services for inflight entertainment and communications (IFEC).
To support this focus, Panasonic seeks a qualified candidate for the position of Sr. Product Cybersecurity Engineer. The Sr. Product Cybersecurity Engineer is a critical member of the Cybersecurity Risk Management – Security Architecture team and is responsible for identifying security vulnerabilities in software, cloud and embedded firmware of pre-release products, post-release updates, 3rd party code and server environments. They participate in evaluation of security tools, identification, evaluation and selection of technologies to continually improve the risk posture of enterprise and/or product security program.
The Sr. Product Cybersecurity Engineer must be comfortable working in a dynamic, flexible, fast paced environment and is expected to partner with other cybersecurity programs, information technology organizations, network operation centers, software development teams, product management, security researchers, law enforcement, and business stakeholders, to manage, and drive forward security projects in support of the incident response program.
- Review and assesses, new and existing, business enterprise or product architectures, security focused tools, systems and services.
- Build employee security and risk awareness through validation and testing of identified vulnerabilities, typically via security architecture reviews, product security risk assessments.
- Perform security architecture reviews, threat models, and provide requirements throughout all phases of software product development.
- Develop, deploy, and/or enhance security solutions/tools to identify and/or prevent cybersecurity vulnerabilities and assist in addressing existing security problems.
- Help detect, highlight, and close security vulnerabilities that surface during the software development lifecycle.
- Participate in training developers on secure coding and remediation techniques.
- Evaluate public security advisories, publications, and trends for impact to the organization, the products we develop, and the customers we serve.
- Product Cybersecurity Engineers sit at the heart of security related to application/software development and are key to the management, prevention, detection and remediation of vulnerabilities in internal software development workstreams including 3rd party libraries used within the company and its products.
- Experience in the following programming languages (C, C++, Python, PHP, Java).
- In-depth knowledge of web technologies, protocols, web services, and interfaces.
- A minimum 5 years of experience in Web Application Development, preferably with a security focus.
- Knowledge of security problems associated with software written in PHP, C/C++, and Java.
- Ability to adapt and be entrepreneurial in order to solve problems quickly, creatively and collaboratively.
- Familiarity with OWASP TOP 10, OWASP IoT Top 10, OWASP Mobile Top 10, SANS 25, CWE, etc. required.
- Excellent ability to discover and demonstrate flaws such as SQL injection, XSS, and CSRF.
- Solid understanding of database security.
- Familiarity with offensive security tools such as but not limited to (Burp Suite, Metasploit, Nessus, Acunetix)
- Knowledge of public key infrastructure (PKI), TPM 2.0, cryptography, encryption, digital signing, code scanning and other security related technologies required.
- Experience with one or more technical cloud platforms strongly desired i.e. AWS, Google Cloud, Azure
- Experience with mobile security with an emphasis on Android related application and IOS security.
- In-depth understanding of secure coding techniques.
You are a senior contributor who has:
- Strong problem-solving skills.
- Drive for continuous learning and discovery.
- Excellent communication skills.
- Strong technical security engineering background and skills.
- Ability to engage with and influence people at all levels.
- Ability to interface and coordinate with many teams simultaneously.
- Ability to work effectively in fluid environments.
- Strong interest in evaluating processes to see where changes can be made, coupled with a strong preference to do the lightest-weight changes possible.
- Demonstrated ability to work effectively with highly technical engineering teams while helping them deliver against a backlog.
- Stays current on emerging cybersecurity threats and vulnerabilities.
- Strong interest in diving deeply into Panasonic's services, applications, and infrastructure to better partner with teams on the design and implementation of security asks.
- Minimum of 10 years of applied experience working in the Network Security, Mobile Application Security, Cloud Security, or Application Security fields required.
- BS in Computer Science or 5 years related technical field/technical experience.
- Certifications such as (OSCP, OSCE) are a plus.
- Any disclosed CVEs are a plus.
- Ability to obtain CISSP or CSALP certification in 6 months of employment required.
- Experience influencing engineering teams and driving them via their development cycle to deliver Security (or other) non-feature improvement/enhancement
- Experience auditing code via both white-box and black-box techniques
- May be required to travel up to 30% domestically and/or internationally
Panasonic is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, and any other characteristic protected by law or company policy. All qualified individuals are required to perform the essential functions of the job with or without reasonable accommodation. Pre-employment drug testing is required for safety sensitive positions or as may otherwise be required by contract or law. Due to the high volume of responses, we will only be able to respond to candidates of interest. All candidates must have valid authorization to work in the U.S. Thank you for your interest in Panasonic Corporation of North America.