Job Description

Ensign is hiring !
Job Summary:
The Senior Director for Software and Device Security Testing is a strategic and technical leader responsible for overseeing all aspects of software/device security testing within the organization. This role involves defining the vision, strategy, and competency roadmap for testing and validating the security of software/device, ensuring they meet industry standards, regulatory requirements, and organizational security goals. The incumbent will lead a high-performing team, manage complex stakeholder relationships, and drive innovation in testing methodologies to safeguard the organization's assets and client ecosystems.
Key Responsibilities:
Strategic Leadership:

• Develop and execute the strategic vision and roadmap for software/device security testing to align with the organization's security objectives.
• Ensure alignment with broader organizational goals and regulatory requirements.
• Provide thought leadership on emerging device security threats, trends, and testing methodologies.

Operational Excellence:

• Oversee the design, implementation, and continuous improvement of security testing frameworks, tools, and processes.
• Lead the development of innovative testing approaches to address complex software/device security challenges.
• Lead the automation of software/device security testing techniques using a Cyber Range Platform and Breach & Attack Simulation (BAS) Tools.
• Monitor and report on testing metrics, outcomes, and compliance.

Team Leadership:

• Build, mentor, and lead a team of software/device security professionals, fostering a culture of excellence and innovation.
• Establish clear performance goals and provide professional development opportunities for team members.
• Promote cross-functional collaboration to ensure seamless integration of security testing outcomes into existing security systems
• such as SIEM/SOAR to facilitate prevention and detection when appropriate.

Stakeholder Management:

• Act as the primary liaison with internal and external stakeholders, including clients, regulatory bodies, and technology partners.
• Present findings, recommendations, and risk assessments to senior leadership and external parties.
• Manage relationships with external vendors and contractors engaged in software/device security testing.

Risk Mitigation and Compliance:

• Ensure software/device security testing complies with applicable standards and regulations (e.g. CLS, ISO, NIST).
• Identify and mitigate risks associated with software/device security, providing proactive solutions to enhance protection.
• Drive adoption of best practices for secure software/device design, development, and deployment.

Innovation and Thought Leadership:

• Stay abreast of emerging technologies, cyber threats, and security trends to proactively adapt testing strategies.
• Represent the organization at industry conferences, forums, and working groups.
• Collaborate with R&D teams to contribute to the development of secure products and solutions.

Qualifications:

• Bachelors degree in Computer Science, Information Security, or a related field is required.
• Minimum of 10-15 years of experience in cybersecurity, with at least 5 years in a leadership role focused on security testing.
• Proven track record in designing and implementing security testing programs in complex environments.
• Strong experience in managing cross-functional teams and large-scale security testing initiatives.

Skills:

• Experience with Static/Dynamic Analysis as well as Penetration Testing techniques and tools (Kali Linux, Metasploit, Burp Suite, Nessus, Shodan, Qualys).
• Experience with Hardware security testing techniques for tamper resistance, power analysis, microcontroller analysis and JTAG/Debug port testing.
• Strong leadership, communication, and interpersonal skills.
• Exceptional problem-solving and decision-making abilities in high-pressure situations.

Certifications:

• Relevant certifications such as CISSP, CEH, OSCP, or equivalent are preferred.

Key Competencies:

• Strategic thinking and planning
• Leadership and team development
• Stakeholder engagement and communication
• Technical acumen and innovation

Working Conditions:

• This role is primarily based in the office with occasional travel required to client sites, conferences, or regulatory engagements.