- Information Technology
- Poland - Krakow Office
At Dyson, we demand the highest standard of performance from the technologies we engineer. Our people expect the same from the technology that supports them. We are a community that appreciates and advocates better engineering. A community of pioneers.
Dyson IT is mid-transformation. Our aim: to create robust IT architecture, to manage data effectively and efficiently, and to continue to grow our world-class team. A team who is strategic, enabling business acceleration, growth and success.
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security team works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We take a pragmatic approach, transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our customers, and better manage potential cyber disruption. Investing in new cyber security capabilities across technology, process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats.
Our IT Security Risk & Compliance, Enterprise Security and Cyber Defence functions are the beating heart of Dyson’s Cyber Fusion Centre capabilities. Together, they enable the successful delivery of exciting new projects, help existing toolsets remain effective, enable and encourage compliance, balance red & blue team capabilities, and make sure that cyber security incidents are managed in a timely and efficient way.
About the role
We are recruiting within our Global Cyber Team for an Associate Principal Security Architect. The candidate shall be a person with a strong background in the security architecture of enterprise, OT or IOT platforms, including the engineering of core best-in-class security products. The successful candidate will have technical experience in some or all of the following areas – end point technology, connected devices, core infrastructure / cloud and / or business applications. The successful candidate will be responsible for consulting on and designing the cyber security elements of business and IT-led initiatives as well as directly supporting customer facing retail and ownership experience security initiatives.
Work closely with our global Cyber Security practice’s multiple disciplines and other IT teams to ensure adequate security solutions are in place throughout all systems and platforms.
Identify and mitigate any risks in legacy systems in order to meet business objectives and regulatory requirements.
Plan, research, design and build robust security architectures for new IT and business-led projects.
Serve as a security expert in application development, database design and network and/or platform projects, helping project teams comply with enterprise and IT Security policies, industry regulations, computer forensic investigations and best practices.
Ensure that security requirements are identified, represented and met in all projects and initiatives.
Design, coordinate and oversee security testing to verify the security of systems and applications and drive the remediation of identified vulnerabilities.
Provide security risk assessment & recommendations to the business, ensuring appropriate controls are in place to protect the business, and our customers.
Write, maintain, and follow security documentation including technical designs and operations manuals.
Keep abreast of security advisories & alerts, security trends & practices.
Communicate with technical and non-technical audiences at various levels, including project managers, delivery teams, the global Cyber Security team, and business risk owners.
Develop and maintain strong working relationships with key IT, business, and supplier contacts.
Understand solutions and business focus - Engage with new business initiatives and deliver more secure and supportable solutions.
Give Advice - Engage with IT architects, developers and engineers, legal team, privacy team, programme managers, and business data owners.
Deliver Consultancy throughout delivery lifecycle - Produce designs, define / draft patterns, and engage with delivery (Waterfall, Agile and DevSecOps)
Improve automation of security and efficiency - Find ways to automate security to reduce cost of ownership and improve performance.
Drive Quality, Security, and Speed - Ensure adequate governance, make sure the easy way is the secure way and help the business deliver both securely and quickly.
This is what we need you to have:
Experience in designing and delivering secure eCommerce, Ownership Experience, Retail against a backdrop of major standards / frameworks such as PCI-DSS, ISO27001, NIST 800 series, ISA/IEC 62443.
Experience of supporting project teams with high and low-level security consultancy, design and delivery, with a wide-ranging understanding of security considerations across key technologies such as Cisco, Microsoft, SAP, Oracle, market-leading SaaS applications, public cloud, etc.
High level of knowledge across several security topics like Security Architecture including: designing infrastructure security solutions, architecting secure business applications and integrations, horizon-scanning and keeping abreast of the latest trends and technologies; Security Consultancy including: setting security requirements, knowledge of relevant regulations (e.g. GDPR, PCI-DSS, other international privacy requirements), adherence to security good practice; System-level Security including: operating system hardening, endpoint security, network security, web and application services, database security, privileged user management, etc.; and Cloud Technologies including: Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Content Delivery Networks (CDN), Web Application Firewall (WAF), etc.
Awareness of DevOps practices and embedding security in the software development lifecycle
Data Security knowledge including: Encryption/Tokenization guidelines, Key Lifecycle Management
Experience of supporting InfoSec Risk Assessments using industry best practice risk assessment and management methodologies
Awareness of current industry security threats, challenges and mitigation techniques
Strong conceptual thinking and communication skills
Ability to work well under minimal supervision, and across multiple suppliers
Team-oriented interpersonal skills, with the ability to communicate effectively with a broad range of people and roles globally, including vendors, IT and business personnel
• Life Assurance
• Accidental Death and Dismemberment Insurance
• Pension Plan
• Performance bonus
• Free fruit delivered for office staff, free coffee and tea
• Cafeteria Benefit – wellness programme, cinema tickets, Multisport card etc.
• Possibility of working from home
• Medical: Employee cover + opportunity to buy additional cover for family
• Employee Assistance Program for employee and dependents
Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or any other dimension of diversity.