Note: The application period for this ad has passed.
Job description
We are currently looking for a Security Officer to work as the go-to person for cryptography and also handle key management for the company.
If you are reading this, you probably already know that Polestar is an electric performance car brand. We work hard to create a unique experience for the customer, owner, and driver. The thrill of driving the car, the digital experience of buying, owning, and controlling a Polestar require us to push the limits of technology and software development. Sustainability has been there from the beginning, and we have set a moonshot goal for climate-neutral cars in 2030. There is an ocean of opportunities in this for talented IT professionals who want to dive in and make a difference.
The Information Security Department
The Information Security department in Polestar is expanding as the company is growing. Polestar is active in many countries and more markets will come at a rapid pace. The IT landscape complexity is growing, and in Information Security we need to keep the company safe from a diverse set of threats. The main threats are cybersecurity-related, and to protect against them a solid foundation of security practices is needed.
The department is organized in several areas. This role will be in the Cryptography and Key Management area that is supporting the Polestar organization with security processes and skills related to cryptography and key management. The idea is to manage the inventory of keys under relevant key management tools, assist developers and architects in cryptographic algorithms, key lengths, and other implementation details. It will also involve working with cryptographic solutions in the car and manufacturing.
The other areas in the InfoSec department will provide other specialized skills, like Red Team/Pen testing, Security Architecture, and Privacy to name a few. People that are interested in security sometimes have a somewhat diverse background and skill base. So will your colleagues and we will all complement each other.
About the role
The main mission of the role is to set up key management systems and act as the cryptographic expert. You will also help with designing things, implement practices for key ceremonies, key rotation, and key inventory, and help the various development teams in selecting the best algorithms for the job. This means that you will also work with the SDLC in the teams.
In Polestar we are still a new company. You will need to be able to both work with SDLC and also chip in and bring your superpowers to use in other areas. You will report to the CISO of Polestar.
What you will do
- Be the go-to person for cryptography. Keep yourself and the organization up to date on what is modern and what is outdated
- Select, procure and manage key management systems and ensure you are NOT the only one that can manage it
- Assist in the training of users and InfoSec staff in SDLC in “on the job” fashion with workshops or short training sessions to give a group of developers new insights related to the protection of data in transit and at rest
- Balance security with convenience. If practice becomes too cumbersome, users will find ways around it. We must focus on the efficiency of the employees as we are still a small organization and all the employees' time is crucial to protect
- Together with the CISO and other colleagues in the same role, you will be responsible for the SDLC with all the practices and guidelines targeting the developers and other stakeholders involved
- In many countries, there are also export laws related to cryptography. You will work with legal to ensure that we are compliant
Personal Qualities
- At Polestar we are building a new company. That requires that you are a shaper, i.e., you can create a process where there is none today and you are the one that proposes a solution
- You want to create the best and most efficient protection for the company
- Open-minded. While you shape and create, the reflection on how security is adapted to the
- You can express what people must or need to do in a clear and convincing way
- Manage workshops and work through others
Skills
- Expertise in PKI and symmetric systems. You need to be able to train people in them so they can understand when they should use what types of crypto
- Key management systems, knowledge of different types of HSMs, key ceremonies, and related practices are a must
- Good understanding of usability when it comes to cryptography and what implications the selection of a symmetric versus an asymmetric key brings, for instance during the enrollment processes
- Good scoping skills. Understanding legal requirements and incorporating them into your solution proposal is a plus
- Risk management, Threat Modeling, and SDLC are a big plus
If you have questions, contact
John Karman Head of Information Security (CISO) +46 734340612 john.karman@polestar.com
Polestar - the guiding star
Polestar is an electric performance brand, determined to improve the society we live in by catalyzing the change to sustainable mobility. We are a global team of highly talented individuals who share a passion to change the world. We challenge conventions and we challenge ourselves for the purpose of innovation. We believe innovation is a team effort and that, just like each component is critical to the performance of our cars, each person working at Polestar is as important to the team and its performance. We work in close collaboration across empowered global teams that don’t settle for anything less than excellence.
Is this you? If you are interested in joining the Polestar family, don't wait to submit your application. We apply a continuous selection process and the job post will be open until the position is filled.