Systems Security Architect - Poly

Systems Security Architect - PolyDescription -Job Overview:As a System Security Architect specializing in edge devices, you will be responsible for ensuring the security and integrity of our products within the HP/Poly ecosystem. Your role will involve collaborating with various security teams, providing expertise in secure coding practices for embedded devices, and driving the implementation of robust security measures. You will play a crucial role in safeguarding our edge devices against potential threats and vulnerabilities while fostering a culture of security excellence within the organization.Responsibilities:Collaboration: Work closely with other Security Teams within HP/Poly to stay updated on corporate security standards and establish relationships with internal teams and experts, such as the HP Wolf Security team and PSO team.Security Subject Matter Expert: Function as the go-to security expert for the team, helping engineers and architects with security-related questions. Assist in the design of security features, such as secure integration for projects like Project Link.Product Management Support: Serve as a primary security contact for the Product Management team, addressing security-related inquiries and collaborating with Subject Matter Experts (SMEs) within the team.Vulnerability Assessment: Identify and evaluate security vulnerabilities in current and future products, assess their severity, and propose mitigation strategies.Security Test Failures: Respond to security test failures identified by the PSO team. Advocate for reasonable expectations and provide expert guidance when necessary.Incident Response: Triage and respond to security incidents involving our devices, engaging appropriate engineers as needed.Manufacturing Security: Collaborate with HP/Poly Manufacturing and new Contract Manufacturers to establish procedures for Certificate Installation on assembly lines.Development Team Expertise: Assess the overall expertise of the development team in secure coding standards/practices and advocate for additional training as required, identifying suitable classes or training resources.Security Training Curriculum: Determine the need for a security training curriculum for new hires to align their expertise with the existing team's standards.Vendor Relationship: Stay updated on the latest offerings from security chip vendors, develop relationships with vendors, and ensure responsiveness to engineer inquiries and support requests.Security Baseline: Help define a "Security Baseline" for all new devices, with clear guidelines based on cost, threat vectors, and hardware capabilities. Advocate for the importance of enforcing the baseline.Code Review: Possibly conduct spot checks on code commits for adherence to secure coding best practices.PII Compliance: Understand and educate the team on Personally Identifiable Information (PII) guidelines applicable to products. Review new and existing products to ensure compliance.Security Conferences: Attend relevant security conferences, both external (e.g., Black Hat) and internal (e.g., HP internal Security summits).Required Skills:Broad overall knowledge of secure coding practices for embedded devices, including threat modeling, Public-Private Key Cryptography/PKI, Secure Boot, Image Authentication, SRTP, and TLS. A passion for continuous learning and the desire to become the team's security resource are highly valued.Working knowledge of ARM Trustzone, TCG TPM standards, NIST standards, Secure Element (SE) for Android and Linux, and knowledge of Common Criteria, FIPS, and other security standards is a significant advantage.Working knowledge of Android KeyStore, Keymint HAL and SE HAL are a plus.Job -SoftwareSchedule -Full timeShift -No shift premium (United States of America)Travel -Relocation -EEO Tagline - HP Inc. is EEO F/M/Protected Veteran/ Individual with Disabilities.