Associate Principal Security Solution Architect (China)

About us 

At Dyson, we are not just creating innovative, technology-enabled products; we are also breaking new ground in cybersecurity. Our products are becoming more advanced and interconnected, which means we face a constantly evolving cyber threat landscape. This requires a highly skilled candidate to join our team, with a passion for staying ahead of emerging threats and keeping our products secure. 

We take a proactive approach to cybersecurity. We do not wait for threats to emerge; we anticipate them and respond with innovative solutions. This means that at Dyson, you will have the opportunity to work with innovative technologies, like artificial intelligence and machine learning, to protect our products and customers. 

You will be part of a team of cybersecurity experts, utilizing the latest tools and technologies to identify and respond to threats in real-time. You will work closely with our engineering and product teams to ensure that security is integrated into every aspect of our business. 

Join our team at Dyson, and you will be at the forefront of cybersecurity, working on some of the most innovative and advanced products in the industry. You will have the opportunity to develop your skills and knowledge, collaborating with a talented team of experts to ensure we are always secure. If you are passionate about cybersecurity and looking for an exciting and challenging role, Dyson is the place for you. 

About the role 

As a Security Architect at Dyson, you will play a key role in implementing Zero Trust security principles to protect our innovative technology-enabled products. Working within our collaborative, global Cyber Security team, you will have a continuous focus on transforming and managing all aspects of security - including architecture, engineering, technology risk management, cyber operations, end user security and project delivery. We invest heavily in new security capabilities (technology, processes and people) and leverage our strong cyber ecosystems to tackle future threats. 

Collaborating closely with our Global Head for Security Architecture and Engineering, you will drive the adoption of Zero Trust security principles and best practices across the organization. You will also work closely with colleagues across the Cyber Security and Risk (CSR) function to ensure that our products and data are secure and protected against evolving threats. 

In this role you will, 

• Provide advisory services to management, helping to define the appropriate security architecture and security patterns across our Enterprise IT landscape, as well as eCommerce and Ownership Experience; and acting as the Technical Product Manager to provide the necessary business, technical, and functional requirements for successful enrolment of our enterprise solutions to our web application security infrastructure. 

• Work closely with our global Cyber Security practice and local IT teams in China to ensure adequate security solutions are in place throughout all systems and platforms. 

• Perform security architecture reviews and threat modelling to identify, analyse, and resolve system design and development weaknesses for business and technology projects. 

• Be responsible for identifying and recommending improvement areas in existing enterprise solutions to address evolving cybersecurity threats. 

• Balance business requirements with cybersecurity and information technology requirements based on the organization's risk appetite, develop, and integrate security operating models and documentation to ensure operational efficiency, scalability, and sustainability. 

• As a domain expert and trusted partner in CSR, work closely with stakeholders in other groups on cybersecurity engineering-related matters and manage cybersecurity projects with virtual teams/vendors ensuring successful implementation to meet organizational objectives. 

• Troubleshoot, support, and resolve system incidents, problems, and changes as required. 

About you 

Looking for a cybersecurity challenge that will test your skills and push your boundaries? Join our team where you will be responsible for designing, implementing, and customizing advanced security solutions that align with our innovative enterprise security strategy. 

To succeed in this role you should, 

• Be able to work independently or as part of a team with minimum supervision. You should have technical certifications or other information security certifications, such as CISSP, CISM, and CCSP, as well as cloud-related certifications in AWS, GCP, Azure, and other cloud platforms. 

• Demonstrate a deep understanding of security at all levels of the software, hardware, and network stack, while being exceptionally deep in relevant regulations (e.g., China Cyber Security Law, Cross Border Data Transfers). 

• Have working experience in threat modelling and familiar with STRIDE model, MITRE cyber kill chain, analysing and creating attack trees. 

• Be able to address application and API-related cybersecurity threats and develop web application firewall “virtual patching” solutions, and review WAF usage and define means to improve and mature protection policies. 

• Possess a good understanding of IAM topics, including identity and credential management, access management, privileged access management, and secrets management, and working knowledge of IAM-related tools such as active directory and its associated components, along with relevant ticketing software such as ServiceNow and privileged access management (PAM) platforms. 

• Be up to date with current cybersecurity threats and mitigation methods. Additional working knowledge of secure development life cycle would be a big plus. 

• Have practical experience in scripting or coding skills with languages like VBScript, PowerShell, Perl, JavaScript, etc., and a good understanding of REST APIs and JSON will be highly valuable to us. 

• Have hands-on experience in technical design, implementation, and customization of security solutions, and be able to produce low-level design documentation and delivery updates. 

Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other any other dimension of diversity.