Job Location: Coopersburg, PA
Region: North America
Lutron is seeking a seasoned and passionate product security architect who enjoys protecting the customer from adversaries. Your security work involves a broad scope of responsibilities: from web application system design tools, to embedded devices, to inter-device communications, to apps that control and customize the product, to communications and processing in the cloud, to protecting individual customer privacy wherever they may live in the world, while endeavoring to comply with all laws that protect our customers' privacy.
We desire someone with both strong technical skills, and the skills, experience, and desire to manage security functions, and develop existing personnel interested in security, while attracting new people with security skills into Lutron.
Lutron's reputation has been built on world-class quality and innovation. We consider our product security part of our product quality. Because security is so important, you will have the ear and the support of Lutron's top leaders as you respond to the ever-changing landscape of cyber threats.
Lutron's culture is that of a flat, agile, flexible organization with the ability to get the job done, whatever it takes. As a privately held organization, we can focus on what is best for the long term and not be short-sighted about this quarter's stock price. All of this plus our broad and diversified product range has allowed us not only to survive, but thrive through oil crises, housing crises, and today, a pandemic.
In Lutron's "project engineer" oriented culture you will not only be allowed to lead but expected to proactively lead our security programs in the right direction.
Lutron is also a learning organization and your responsibilities will include passing your knowledge on to others so that they can do more, and so that you can continue to expand your knowledge and skills in security to keep Lutron at the forefront of product security.
We have a strong Lutron security team in place, and we are proud of the close working relationship between our product security and information security teams and our IT department. Both teams are part of our incident response and tabletop exercises.
Your responsibilities include:
- Forming strong partnerships with the Information Security teams and Product Security teams to support an agile environment that provides end to end support of Lutron's products, services, and tools to grow our business.
- Championing secure coding practices, static testing, and use of world-class security techniques to protect our data, ensure the privacy of customer data, and continue our customers' trust in Lutron.
- Working with senior leadership to understand our business strategy and drive our security strategy to support the business goals and ensure that our security meets and exceeds the needs of our different customer groups from homeowners to Fortune 100 businesses.
- Clearly defining and communicating risk to all levels of the organization, so that security stories and backlog can be properly prioritized alongside features and business needs.
- Working with and seeking out new outside security consultants to second-guess our strategic direction and help us in new security areas in which we are not experts.
- Supporting Lutron's Security by Design and Privacy by Design philosophy by proactively involving yourself with the engineering projects in the early stages of their projects. You will support existing Lutron security standards as well as work with the team to create a risk assessment for new areas of security concerns. You will help the team communicate the security work required in the project so that managers can plan for enough resources for the project to be successful.
- Being successful in this role by working effectively at multiple levels, ranging from "in-the-trenches" with individual engineers and architects, to "white boarding" with senior managers, to participating at higher levels with senior executives and customer stakeholders, and rallying multiple stakeholders around a holistic approach to privacy and security across the organization.
Additional responsibilities include:
- Looking forward at trends in Security and Privacy that affect Lutron's business, product portfolio, and customers to create and implement the proactive, appropriate responses and changes.
- Spearheading strategic/continuous improvement security projects:
  - Creating and implementing secure coding and training practices across the global enterprise
  - Driving a culture and process around automated unit and software testing
  - Designing a methodology, program and staffing for security alerts for all product software including OS, open source modules, etc.
  - Developing a mature, rapid patch response for high and critical rated CVE security flaws
- Leading our Audit Program:
  - Ensuring completion of secure coding training
  - Making sure SYSPR (System Security and Privacy Reviews) are properly held and that action items are completed
  - Documenting security reviews project by project
  - Following through on security improvement commitments made at "Can Ship"
  - Ensuring security improvements are followed through in subsequent software releases.
  - Enforcing security commitments made by the development teams at "Can Ship" and proper balance of feature releases between features and improving security
  - Auditing that product software revisions used in products are current and accurately reflected in the product software revision database
Lutron is a leader in the home and building controls market, and one of the first entrants into the connected home/IoT space. The ideal candidate will demonstrate a passion for cyber security and have more than a decade of experience in product security including embedded products.
- B.S. degree in Computer Science, Information Assurance or Information Systems - GPA 3.0 or higher required
- M.S. degree in Information Security is a plus
- Ability to relocate to the greater Lehigh Valley, Pennsylvania area or the greater Philadelphia area for this position
- 10+ years of experience in embedded security, software security, cloud security, security for iOS and Android apps, and Web Application security
- Demonstrated experience in securing physical products with connectivity that make them subject to a wide range of malicious attacks
- Experience in managing and developing the security people and the security function to anticipate the future needs of the organization
- Conversant in OWASP Top 10 vulnerabilities, SANS Top 25, CVE, GDPR and CASB
- Familiarity with NIST and international security standards
- Experienced in how to train developers in secure programming, catching vulnerabilities, and how to fix them correctly
- Has experience and demonstrated ability to lead cross-functional teams
- Experienced in mentoring and coaching software engineers to prepare detailed software/security plans, test plans, and proper reviews to create secure systems
- Has the ability to manage and expand relationships and have the range to operate at strategic and tactical levels
- Demonstrated ability to assess and weigh risk to set priorities
- Has ability to coach/develop engineers to write attack models, risk assessments, and to weigh risk to reputation vs. cost and time to implement.
- Has experience developing test tools to continuously test code builds for security vulnerabilities and allow rapid deployment of security patches for severe vulnerabilities with high confidence in their successful deployment
- Adapt, change, or modify software and application development activities to respond to new threats with demonstrated techniques for evaluating security threats and determining the impact to commercial and developed applications.
- Drive continuous improvement in security, and champion changes to the organization.
- Experience in clearly presenting complex security topics and plans and how they will help the business to senior management to obtain buy-in and funding.
- The ability to manage and expand relationships and have the range to operate at strategic and tactical levels.
Lutron Company Overview
Founded in 1961, Lutron Electronics is headquartered in Coopersburg, Pennsylvania, in the heart of the Lehigh Valley. From dimmers for the home to lighting management systems for entire buildings, the company offers more than 17,000 energy-saving products, sold in more than 100 countries around the world. In the US alone, Lutron products save an estimated 10 billion kWh of electricity, or approximately $1 billion in utility costs per year. The company's early inventions - including the first solid-state dimmer invented by Lutron's founder, Joel Spira - are now at the Smithsonian's National Museum of American History in Washington, DC.
Recently, Lutron has reinvented itself to be at the forefront of the rapidly expanding IoT space:
Caséta Wireless combines the latest technology for controlling LED lamps, low energy consumption battery-powered motorized shades, world-class UX design for apps, and high-availability, low-latency cloud services along with world-class alliance partners for thermostats, cameras, music, 3rd party apps, and 3rd party platforms to provide a delighted residential customer experience.
Vive Wireless allows existing commercial buildings to be retrofitted with the latest energy-saving controls that can dim or switch all lighting sources to provide control and energy savings. Based on a "System of Systems" approach, individual rooms or spaces can be individually outfitted with control with minimum down time. Later, a Vive Hub edge device can be added to extend the feature set to include central timeclock, energy reporting, and energy demand response.
Ketra lighting technology transforms residential and commercial spaces by allowing designers total lighting freedom to perfectly mimic the natural ever-changing colors of daylighting indoors, and to adjust the vibrancy of color in the space to enhance artwork and architecture. Lutron's next generation of wireless technology allows Ketra lighting in the ceilings, in coves and niches, and in table lamps to precisely illuminate the space with a uniform consistent color over time.