Cybersecurity Lead - Product Security (Network Hardware & OS)

Req ID: 131965
Region: Americas
Country: USA
State/Province: Texas
City: Richardson

General Overview

Functional Area: Information Technology (ITM)
Career Stream: IT Risk & Compliance (RAC)
Role: Senior Technical Lead (SRT)
Job Title: Senior Technical Lead, Information Security
Job Code: SRT-ITM-SECR
Job Level: Level 11
Direct/Indirect Indicator: Indirect

Summary

Reporting to the Global Head of IT Security, the Cybersecurity Lead - Product Security will act as the security architect and guardian for Celestica’s network hardware products and proprietary network operating systems. This role is distinct from enterprise IT security; you will embed security into the very fabric of the products we deliver to customers.
You will lead the adoption of "Secure by Design" principles, operationalizing the standardized Software Development Life Cycle (SDLC) within product engineering teams. You will be responsible for translating high-level governance requirements into technical reality—ensuring our network switches, routers, and appliances are hardened against advanced persistent threats (APTs) and comply with Zero Trust principles.

Detailed Description

Performs tasks such as, but not limited to, the following:

• Secure Product Lifecycle: Lead the integration of security gates into the product development lifecycle for network hardware and OS software. Enforce the standardized SDLC policy and ensure threat modeling (using frameworks like STRIDE or PASTA) is conducted during the design phase of every new product release.

• Network OS Hardening: Direct the security hardening of the network operating system. Define and enforce baseline configurations to ensure the OS is resistant to tampering, implementing controls such as secure boot, kernel hardening, and restricted shell access.

• Application Security Testing: Orchestrate the "Standardizing Dynamic Testing and Vulnerability Management" initiative for product software.

• Oversee the implementation of Static Application Security Testing (SAST) using tools like Snyk in the CI/CD pipeline and establish a Dynamic Application Security Testing (DAST) framework to identify runtime vulnerabilities.

• Zero Trust Architecture: Architect product features that support Zero Trust environments. Ensure network products support granular micro-segmentation capabilities 12and robust identity integration, moving away from local authentication to centralized, MFA-ready administrative access.

• Vulnerability Remediation: Manage the product vulnerability lifecycle. Establish Service Level Agreements (SLAs) for remediating findings identified during penetration testing and DAST scans, ensuring no critical vulnerabilities ship to production.

• Crypto & Protocol Security: Ensure all product cryptographic implementations align with the "IT Encryption & Cryptography Policy", mandating AES-256 standards. Validate the security of implemented network protocols (BGP, OSPF, SSH, TLS) against industry best practices.

Knowledge/Skills/Competencies

• Threat Modeling: Mastery of threat modeling methodologies (STRIDE, PASTA) to identify design flaws early in the development cycle.

• Hardening: Expert knowledge of OS hardening standards (CIS Benchmarks, NIST) and how to apply them to custom hardware platforms.

• Cryptography: Solid understanding of applied cryptography (PKI, TLS, AES, secure boot chains).
  Zero Trust: Ability to translate "Zero Trust" concepts 22 into concrete product features (e.g., API security, mutual TLS).

• Innovator: A proactive problem-solver who can balance security requirements with product performance and time-to-market constraints.

• Technical Authority: Capable of earning the respect of hardware engineers and kernel developers through deep technical competence.

• Detail-Oriented: Rigorous in validating that "Secure by Design" is not just a slogan, but a documented and tested reality.

Physical Demands

• Duties of this position are performed in a normal office environment.
• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience

• Product Security: 8–10 years of experience in product security, specifically focusing on network hardware (switches, routers, gateways) or embedded systems.
• Software Development: Strong background in C/C++, Go, or Python, with experience developing or securing Network Operating Systems (e.g., SONiC, Linux-based embedded OS).
• Network Architecture: Deep expertise in network protocols (L2/L3, TCP/IP, VLANs, VXLAN) and network security technologies (Firewalls, ACLs, 802.1X).
  AppSec Tooling: Proven experience implementing SAST/DAST pipelines (e.g., Snyk, Coverity, Burp Suite) and managing vulnerability disclosure programs.

Typical Education

• Education: Bachelor’s degree in IT, Networking, or a related field (equivalent experience accepted).
• Certifications: * Checkpoint: CCSE (highly preferred)
• General: CompTIA Security+ or Cisco CCNP Security.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Celestica's policy on equal employment opportunity prohibits discrimination based on race, color, creed, religion, national origin, gender, sexual orientation, gender identity, age, marital status, veteran or disability status, or other characteristics protected by law.
This policy applies to hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral and other aspects of employment and also states that retaliation against a person who files a charge of discrimination, participates in a discrimination proceeding, or otherwise opposes an unlawful employment practice will not be tolerated. All information will be kept confidential according to EEO guidelines.

COMPANY OVERVIEW:
Celestica (NYSE, TSX: CLS) enables the world's best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

Celestica would like to thank all applicants, however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.

This location is a US ITAR facility and these positions will involve the release of export controlled goods either directly to employees or through the employee's movement within the facility. As such, Celestica will require necessary information from all applicants upon an applicant's acceptance of employment to determine if any export control exemptions or licenses must be filed.