Director, Product Security

Dover is a diversified global manufacturer with annual revenue of over $8 billion. We deliver innovative equipment and components, specialty systems, consumable supplies, software and digital solutions, and support services through five operating segments: Engineered Products, Clean Energy & Fueling, Imaging & Identification, Pumps & Process Solutions and Climate & Sustainable Technologies. Dover combines global scale with operational agility to lead the markets we serve. Recognized for our entrepreneurial approach for over 60 years, our team of approximately 24,000 employees takes an ownership mindset, collaborating with customers to redefine what's possible. 

Headquartered in Downers Grove, Illinois, Dover trades on the New York Stock Exchange under "DOV." Additional information is available at dovercorporation.com. 

Position Summary
Dover is seeking to hire a Director, Product Security Leader, to drive the security activities of our evolutionary digital products, to incorporate privacy and data security for all of our connected categories.  In this role, you will be responsible for the overall security roadmap of Dover’s embedded, on-premises and SaaS products, gathering customer feedback while understanding customer needs and pain points. Our ideal candidate has extensive knowledge of IoT products, and advanced industry knowledge to keep us on the cutting edge. From day one, you’ll have an immediate impact on the day-to-day efficiency of our evolving digital capabilities, and an ongoing impact on our overall growth.
 
Job Responsibilities:
•    Build and oversee the Product security program and building security program management methodologies, aligning with the product development teams
•    Building Secure SDLC methodologies for digital products
•    Develop a common framework for IoT security standards and roll out across the organization for all developed products, and acquired products
•    Establish, evangelize and execute internal governance model for security tools and services to serve customer security needs, i.e. firmware deployment, security monitoring, secure remote access
•    Coordinate with the product cyber testing team, learn from identified gaps and incorporate these gaps in the product security common framework for product and firmware releases as needed
•    Coordinate with the product cyber testing team on the setup and use of self-testing security tools during development and pre-product release
•    Work with various stakeholders to tackle evolving challenges, incorporate the latest industry hardware and software and have the opportunity secure a steady stream of evolving products
•    Support Dover businesses with their customer security needs and have security first approach be the market differentiator
•    Work closely with R&D, engineering, and technology teams to deliver high-quality products on schedule, and build security standards
•    Be active in strategic discussions with vendors, internal stakeholders and corporate leadership
•    Build positive relationships and trust through strong cross-team interactions, on-time delivery, high-quality products, continuous innovation, and exceeding expectations
 
Education and Experience Requirements:
•    Experience with device specific communication/network technologies
•    Experience with embedded software and operating systems, Windows, and Linux
•    Experience analyzing security of cloud-based interfaces of IoT devices
•    Management of penetration testing used to identify weaknesses in the transmission and storage of data
•    Experience with reverse engineering, disassemblers, debuggers, and developing exploits
•    High level understanding of vulnerabilities and attack methods, with the ability to explain security issues such as privilege escalation, buffer overflows, SQLi, etc., how to identify them, and what tools are best used for each
•    Experience managing teams around Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVS and Open Web Application Security Project (OWASP)) processes and remediation recommendations
•    Encryption (both at-rest and in-transit) and related cryptography, authentication services
•    Bachelor’s or master’s degree in a computer field
•    10+ years of total industry experience
•    Master’s degree in computer science or related discipline desirable

Work Arrangement: Hybrid  
Salary Range: $213,000.00   - $233,000.00  

We consider several job-related, non-discriminatory factors when determining the pay rate for a position, including, but not limited to, the position’s responsibilities, a candidate’s work experience, a candidate’s education/training, the position’s location, and the key skills needed for the position.  Pay is one of the Total Rewards that we provide to compensate and recognize employees for their work.

All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, genetic information, or any other factors prohibited by law.

Job Function: