About Barco
Barco designs technology to enable bright outcomes around the world. Seeing beyond the image, we develop visualization and collaboration solutions to help you work together, share insights, and wow audiences. Our focus is on three core markets: Enterprise (from meeting and control rooms to corporate spaces), Healthcare (from the radiology department to the operating room), and Entertainment (from movie theaters to live events and attractions). We have a team of 3, employees, located in 90 countries, whose passion for technology is captured in granted patents. As part of BCR Software Development group at Barco our vision is to be a world class software team partnering with our businesses to offer successful software solutions and outcomes that delight our customers and set the trend in our dynamic markets.
BCR (Barco Control Rooms)
The Barco Control Rooms business unit is making workflow and visualization solutions for the Control Room market since to help operators collect, visualize and share critical information for optimal mission-critical decision making. Today, we are still the number one choice for control room professionals who want to stay on top of their situational awareness with + installations for critical infrastructure and critical operations.
Barco CTRL is our latest flagship software product. It is a simple, scalable and secure platform, that gives an operator full control over the information flow in an easy and intuitive way for faster and efficient decision making.
About the Role
1. Lead and mentor the group of R&D Security Champions and take ownership of the groups’ meetings and activities
2. Provide security insights and feedback to R&D at highly technical level (e.g. during code reviews)
3. Lead R&D teams during threat modeling exercises and security risk analyses during design/development phases
4. Challenge R&D teams and system architects about the why and how technical security controls should be integrated
5. Design and document technical security controls in different product lines
6. Own and maintain process security controls in the design and development phases, e.g:
7. Threat modeling
8. Code review process
9. Application security testing (SAST, DAST, …)
10. Vulnerability management (e.g. of open source packages)
11. Vulnerability scanning (tooling and configuration)
12. Provide security support during product penetration tests executed by external partners
13. Take ownership of incident response management and vulnerability disclosure processes
14. Take ownership for ISO ISMS/audit product development related subjects
15. Contribute to the creation of security whitepapers of the different product lines
16. Key contact point for security/privacy related topics during pre-sales phase
Stay up to date with latest security/privacy technologies, trends and regulations
Inform Security Office about the state of security per product
Qualifications and Experience
Education:
Bachelor’s/Master's degree in IT or information security, or equivalent by experience.
Experience:
17. At least 5 years of experience in information security management with a software development or software testing background
18. Experience with agile development process across international teams
19. Familiar with ISO x frameworks and risk assessment/treatment
20. Knowledge of third-party auditing and risk assessment methodologies
21. Familiar with security attack pathologies
Competencies:
22. Solid understanding of security protocols, cryptography, authentication, authorization and best practices
23. Proven experience with leading and guiding a group of stakeholders from different functions through threat modeling, utilizing STRIDE or other frameworks
24. Excellent knowledge of the Common Vulnerability Scoring System (CVSS) and its application during technical vulnerability assessment
25. Experience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM)
26. Ability to explain security concepts and security processes to technical stakeholders such as R&D Software Engineers
27. Very broad technical knowledge: from embedded devices to containerized deployments of services, from backend to frontend
28. Familiar with OWASP project (Top 10, ASVS, SAMM, …)
29. Coding skills: C, C++, JavaScript (Rust & Go a bonus)
30. Highly motivated individual with a genuine enthusiasm for information security and technology
31. Eager to stay up to date with latest technologies
32. Customer centric mindset
33. Good verbal, written, presentation, facilitation, and interaction skills, including ability to effectively communicate risks, issues and concepts to multiple organization levels and executive management
34. Good communication skills both verbal and written English
35. Ability to prioritize workloads and to know when to seek guidance
Differentiating Criteria:
Preferably holder of certifications like GIAC, CISSP, CISM, …
Disclaimer:
Barco is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulation