Associate Principal Security Architect

Our Cyber Security Team 

It’s no secret that our intellectual property is critical to our success. In order to secure our ideas and designs, our customer and employee personal data, and to protect operations from cyber-crime, Dyson’s global Cyber Security and Risk group works effectively to keep our secrets secret and secure our crown jewels, using advanced technologies to stay one step ahead of the game.  

We have a continuous focus on transforming and managing all aspects of security - including architecture, engineering, technology risk management, cyber operations, end user security and project delivery. We invest heavily in new security capabilities (technology, processes and people) and leverage our strong cyber ecosystems to tackle future threats. 

Product Design, Manufacturing, Supply Chain, eCommerce and Enterprise Systems are at the beating heart of Dyson’s cyber defence priorities. We play a key role in ensuring the successful design and delivery of exciting new business and security projects, and that our controls and security platforms remain effective and compliant.  Furthermore, our cyber operations capabilities are delivered on a global 24x7 basis from our strategic locations across the US, UK / Europe, India, Singapore and China. 

The Security Architecture and Engineering team plays a key role, with responsibility for the design and engineering of our core enterprise and Operational Technology cyber protection technologies – along with the actual design of the security elements of business and IT projects.  We also play a critical role in assuring the security and compliance of all Dyson’s existing and new products. 

Alongside technical expertise in the relevant areas of Security Architecture, the role requires strong business partnering and relationship building skills. You’ll work closely with project teams in business areas to develop practical solutions to mitigate business risks. There’s ample scope to share and build on your existing technical expertise, and we invest heavily in the development and training of our team. 

Responsibilities 

• Consult on business and IT-led initiatives, design cyber security elements, ensure adequate security solutions are in place  

• Plan, research, design and build robust security architectures for new projects 

• Design, coordinate and oversee security testing and assurance of products 

• Improve efficiency, automation, and performance of security, reduce cost of ownership. Drive Quality, Security, and Speed 

• Engage with new business initiatives - deliver secure, supportable solutions, make the quick easy way the secure way  

• Develop and maintain strong working relationships with key IT, business, and supplier contacts 

• Provide security risk assessment & recommendations throughout delivery lifecycle - produce designs, define / draft patterns, engage with delivery (Waterfall, Agile and DevSecOps). Support application development, database design, network/platform projects. 

• Help project teams comply with enterprise and IT Security policies, industry regulations, computer forensic investigations and best practices 

Qualifications and Experience (not all experience and qualifications will be required, depending on the role) 

• Deep expertise in Zero Trust Network Access and Data Loss Protection. Exposure in working with HR and legal on following through enforcement process as well as aligning technical solution to business requirement.

• Strong background in security architecture of enterprise, OT or IOT platforms, including engineering of core best-in-class security products.  

• Awareness of current industry security threats, challenges, and mitigation techniques 

• Interpersonal and communication skills, able to influence and build effective working relationships with a broad range of people and roles globally 

• End point technology 

• Connected devices 

• Core infrastructure/cloud and/or business applications.  

• Designing and delivering secure eCommerce, Ownership Experience, Retail against a backdrop of major standards / frameworks such as PCI-DSS, ISO27001, NIST 800 series, ISA/IEC 62443. 

• Supporting project teams with high and low-level security consultancy, design and delivery, with a wide-ranging understanding of security considerations across key technologies such as Cisco, Microsoft, SAP, Oracle, market-leading SaaS applications, public cloud, etc 

• Operational technology / manufacturing / supply chain security 

• Embedded product software security 

• Familiarity on ITIL processes to work collaboratively with IT 

Knowledge across several security topics, ideally across the following categories: 

• Security Architecture, including: designing infrastructure security solutions, architecting secure business applications and integrations, horizon-scanning, trends and technologies 

• Security Consultancy, including: setting security requirements, regulations (e.g. GDPR, PCI-DSS, other international privacy requirements), security good practice, threat modelling and mapping to common framework (Cyber Kill Chain, MITRE ATT&CK) 

• System-level Security, including: operating system hardening, endpoint security, network security, web and application services, database security, privileged user management 

• Cloud Technologies, including: Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Content Delivery Networks (CDN), Web Application Firewall (WAF) 

• OT security technology and models 

• DevOps practices, embedding security in the software development lifecycle 

Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other any other dimension of diversity.