Summary of the Position
Alcon is looking to hire a Product Security Governance Engineer.
JOB PURPOSE
Support Product Security and Threat Intelligence solutions.
Provide support for performing penetration tests, SAST/DAST/SCA, and preparing reports on findings for Alcon products (SaMD: Software as a Medical Device, SiMD: Software in a Medical Device, and Digital Applications).
Communicate prioritization of vulnerabilities for remediation to stakeholders.
Build competencies with gap analysis, process changes, and integration of automated tools across the product lifecycle.
Review and recommend remediations from security software tooling analysis.
Well-versed in the product security landscape.
Work closely with the Bangalore and Lake Forest Product Security functions, Software Development, Verification and Validation, Quality, Regulatory, and Digital Health Software teams to coordinate oversight of the security framework.
Help in building and developing automation with automated scripts and tools as applicable.
Help in leading efforts to close the security-related gaps in Alcon's product security framework.
Build strong collaboration with cross-functional stakeholders and teams across the product development lifecycle.
Communicate with stakeholders concerning discovered vulnerabilities and remediation suggestions.
Contribute to analyzing product security risks, assessing security gaps, and recommending possible solutions.
Provide accurate documentation of existing metrics and KPIs and security process.
Collaborate with the Product Security Incident Response Team to support incident response activities and address identified incidents as needed.
Work closely with the Product Security team to support product security activities and associated deliverables.
JOB FUNCTIONS
Duties are listed in order of greatest importance. Other responsibilities may be assigned.
You will be responsible for maintaining robust product security measures across all stages of our product development and post-launch process.
Support the Alcon Product Security Process by performing product security activities for all Alcon products.
Perform/support Post Market Monitoring risk analysis of in-market products; document and score findings, and communicate results to development teams.
Support yearly penetration tests, SAST/DAST/SCA as needed and directed; create or review final reports.
You will collaborate with cross-functional teams to integrate security best practices and ensure the protection of our products against potential threats.
Implement and enforce security best practices throughout the entire software development lifecycle (SDLC).
Stay updated on the latest security trends, regulatory standards, vulnerabilities, and mitigation strategies.
Summarize product risks for stakeholder reports.
Interact with outside vendors; write/modify/convey host module requirements, and be able to identify and hold outside vendors accountable for their deliverables.
Review security updates for possible negative effects against in-market products and monitor media for new vulnerabilities.
As needed, write and/or review patching and update communications to customers and disseminate them.
Support preparation of software for SAST, DAST, vulnerability scans, and fuzzing scans; review and document results, and provide recommendations for remediations.
QUALIFICATIONS
Minimum Requirement
BS in Computer Engineering, Information Security, or other related discipline with 6 years' experience; or 8 years of relevant experience.
Solid understanding of Software Development Lifecycle Management (SDLC) (Agile/Scrum, iterative).
Proven experience in a Product Security field or in a similar role.
Familiarity with the following types of tools is a plus: SAST, DAST, SBOM, network forensics tools, fuzzing, standard penetration test tools, and GRC tools.
Knowledge of cybersecurity concepts, networking, and software development process is a plus.
Ability to coordinate and balance activities between multiple associates.
Ability to work independently, proactively identify issues, recommend and implement solutions, and deliver quality results on schedule while managing multiple tasks and internal customers.
Ability to follow directions, identify issues, recommend and deliver quality results on schedule.
Good interpersonal and communication skills to build positive departmental and interdepartmental relationships in a virtual, remote, and asynchronous environment.
Prior experience with medical device software and data integrity.
Understanding of FDA/ISO regulations related to medical device software.
Strong understanding of secure coding principles, encryption, and authentication protocols.
Familiarity with industry standards and frameworks such as OWASP, NIST, UL2900, and ISO 27001.
Excellent communication and collaboration skills.
Understanding of Windows OS services, processes, driver and registry configurations, and analysis techniques is a plus.
Fluent English; excellent verbal and written communication skills.
Knowledge, Skills and Abilities
Personal Effectiveness Competencies:
Project Excellence: Fundamental
Continuous Learning: Intermediate
Digital and Technology Savvy: Intermediate
Operational Excellence: Intermediate
Breakthrough Analysis: Intermediate
Organizational Savvy: Intermediate
Skills and Knowledge:
STEAM: Applied Science, Technology, Engineering, Arts and Math
Technical Development Methodology for Medical Devices (21 CFR 820.30, ISO 13485)
Systems Engineering or Risk Management for Medical Device (ISO 14971)
Medical Device Software: Software Life Cycle Processes (IEC 62304)
Regulations and Guidelines associated with software development.
Excellent verbal English communication skills (in a remote environment)
Microsoft Office suite (i.e. Word, Excel, Visio)
Experiences
Cross Functional collaboration: Primary
New Product Innovation: Secondary
Accountability: Primary
Influencing without Authority: Primary
Managing Crisis: Secondary
Functional Breadth: Secondary
Employment scams: Alcon is aware of employment scams which make false use of our company name or leaders' names to defraud job seekers. Alcon does not offer any positions without an interview and never asks candidates for money. All our current job openings are displayed here on the Careers section of our website, where you can search for open positions and apply directly.
If you have encountered a job posting or been approached with a job offer that you suspect may be fraudulent, we strongly recommend you do not respond, send money or personal information, and check our website for current job openings.
Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion, or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital status, disability, or any other reason.
Full-Time