Security Architect

About us

At Dyson we research, design, manufacture and sell a range of cutting-edge, technology-enabled products. We constantly innovate - exploring new markets and technologies, connecting with customers and products in new ways.

As Dyson, our products become ever more complex, deploy new technologies and innovative architectures, and connect to more complex ecosystems. This means that they face an ever-evolving cyber risk landscape, with a need for continual review and vigilance to address new and emerging threats.

About the role

Our collaborative, global Cyber Security team have a key role to play in the above, as they enable the successful delivery of exciting new projects, both business and security, and manage the digital security of our products.  They maintain and develop the digital security of our manufacturing sites and supply chain and operate Dyson’s cyber defences across the globe.

As one of three new Associate Principal Security Architect roles across the globe, your new role will focus specifically on Embedded Product Security Architecture and will be based at our Hullavington campus in Wiltshire. Your new role is ultimately responsible for ensuring that security is built into our products and the ecosystem they connect to. 

Key responsibilities will include:

• Ensuring that Dyson’s products, and the ecosystems they connect to, are secure.
• Assisting in the strategy, architecture and governance of Dyson’s connected consumer / IoT devices at all project stages; from setting security requirements, defining product security guidelines and principles, through to evaluating risk and overseeing assurance activities.
• Setting the direction for our Engineering teams to deliver against, capturing and articulating cyber security risk and providing consultancy services to our stakeholders in product development.
• Planning, researching, designing and building robust security architectures for new projects.
• Improving efficiency, automation and performance of security, reducing cost of ownership and driving quality, security and speed.
• Engaging with new business initiatives – delivering secure, supportable solutions.
• Providing security risk assessment and recommendations throughout delivery lifecycle - producing designs, defining patterns and engaging with delivery (Waterfall, Agile and DevSecOps).

With Board level commitment to significant investment in our ‘Cyber Fusion Centre’ capabilities, and supported by the IT Senior Leadership team, this role reflects the importance of world class cyber defence and security engineering to Dyson.

About you

You’ll have a solid background in product development or security architecture of IOT/OT platforms, including engineering of core, best-in-class secure products.  With your expert knowledge of current industry security threats, challenges and mitigation techniques, you’ll be an expert at influencing and building relationships with a broad range of people, globally.

Key requirements include:

• A strong background in hardware or embedded software.
• Solid understanding of security techniques for securing devices and communications with them, such as: authentication, encryption, integrity checking and establishing a root of trust.
• Expert knowledge of current industry best practice and guidance for securing IoT devices.
• Ability to quickly learn new technologies and architectures and identify potential security weaknesses.
• Ability to rapidly learn deeply technical subjects related to product security, and an ability to keep abreast of security impacts to fast moving industries, such as the consumer electronic device industry.

You will ideally have knowledge of the following:

• Real Time Operating Systems.
• Microprocessor and Microcontroller architectures and their security features.
• System-on-Chip devices (e.g. Bluetooth/WiFi) and their associated software stacks.
• Secure Software Download.
• Threat Modelling.
• Security Risk Assessment.
• Security Requirements for standalone and connected products.

You’ll also have knowledge across several security and engineering topics, ideally:

• Embedded Software Languages and Software Development Lifecycle.
• Common attack vectors and how to minimise the threats they pose.
• Product security advisories, alerts, security trends and practices.
• Identification and remediation of vulnerabilities in Open Source Software.
• Mobile phone platform architecture (IOS and Android) and the security features they offer.
• Cloud architecture and security.
• Penetration Testing.
• Tools used to identify software vulnerabilities (e.g. Static Analysis, DAST tools).
• Security testing and assurance.
• Secure Software Development Frameworks.
   

Alongside your technical expertise, the role requires strong business partnering and relationship building skills.  You’ll work closely with Project teams to develop practical solutions to mitigate business risks.  There’s ample scope to share and build on your existing technical expertise, and we invest heavily in the development and training of our team.

Benefits

Financial

• Performance-related bonus scheme 
• Competitive pension scheme
• Life assurance and income protection
• Discounts on Dyson machines

Lifestyle

• Free bus (coach) travel to and from Malmesbury campus from Bristol, Bath, Chippenham and Swindon
• 27 days’ holiday (plus public holidays)
• Ability to purchase additional holidays
• Free parking on-site
• On-site hair salon, sports centre and gym – all free
• Free lunch and free, (unlimited) hot drinks and fruit
• Free on-site Lifestyle Assist service (concierge)
• Electric vehicle salary sacrifice scheme

Health & Wellbeing

• Private medical insurance
• Dental insurance
• Health Assessments
• Employee Assistance Programme
• Free GP service (both on-site and digital)
• Free gym, fitness classes and wellbeing centre on-site
• Fertility treatment and menopause support

#ZP-2

Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other any other dimension of diversity.