Product Cybersecurity Manager

Mirion is seeking a motivated and experienced cybersecurity expert to lead its centralized product cybersecurity organization. This position will build a product cybersecurity practice that provides cybersecurity oversight and capabilities for Mirion designed and manufactured products that have a digital footprint throughout their full lifecycle. Mirion products with a digital footprint include devices with embedded operating systems, developed software applications, and cloud hosted SaaS solutions.

Key Responsibilities

• Lead, manage, and mentor Mirion’s cybersecurity team focused on products with a digital footprint.
• Maintain a cybersecurity practice providing oversight and capabilities to support Mirion’s product teams. This practice will include:
  • Cybersecurity policy and procedure development and upkeep.
  • Cybersecurity support for product development and enhancement teams.
  • Developing risk management plans and performing risk assessments.
  • Assisting with the development and maintenance of product specific risk registers.
  • Performing threat modelling against products.
  • Coordinating and performing penetration testing against products.
  • Developing and maintaining vulnerability detection and management solutions during both initial development stages and to support after market surveillance.
  • Development of secure product architectures.
  • Assistance with writing and review of cybersecurity related implementation guidance in product documentation.
  • Working cybersecurity practices into CI/CD pipelines.
• Develop relationships with various product managers and their teams to identify and address cybersecurity considerations throughout product lifecycles.

Required Qualifications and Experience

• Bachelor’s degree in information technology, information security, or related field or equivalent practical experience.
• Experience: 8+ years in a cybersecurity-focused role, with significant exposure to cybersecurity architecture, engineering, and operations.
• Experience with application development or DevOps.
• Proficiency in one or more programming languages (e.g, C, C+, C#, Java, Python)
• Experience IaaS on AWS or Azure cloud platforms.
• Experience with embedded systems and associated security considerations such as anti-cloning, intellectual property protection, secure boot, and protected communications (authenticated and encrypted.)
• Strong communications skills and a collaborative working style.
• Excellent leadership skills.
• Expert level understanding of cybersecurity concepts and best practices.

Desired Qualifications and Experience 

• Familiarity with cybersecurity frameworks such as ISO 27001, IEC 62443, NIST 800-171, SOC 2, and Cyber Essentials.
• Familiarity with cyber industry regulations such as FDA Cybersecurity Marking, CE Marking, EU GDRP, and EU Cyber Resilience Act (CRA).
• Experience in industrial/manufacturing industry (OCS/OT/ICS solutions).
• Experience with automated SAST and DAST scanning solutions.
• Experience maintaining SBOMs and associated vulnerability management procedures and tooling.
• Experience with secure coding practices.
• Experience performing threat modelling activities using the STRIDE methodology.
• Experience with Azure and AWS cloud security.
• Experience with authentication integration solutions such as SAML and OAUTH.
• Experience deploying security and performance monitoring capabilities for enterprise applications.
• Familiarity with PKI and X.509 certificates.
• Experience with securing IOT devices and mobility platforms.
• Experience with penetration testing tools and techniques.
• Reverse engineering experience is a plus.