Product Security Engineer Hybrid Loveland CO or Fountain Valley CA

We understand that the world we want tomorrow starts with how we do business today and thats why were inspired to make A Better World for Pets. Antech is comprised of a diverse team of individuals who are committed to each others growth and development. Our culture is centered on our guiding philosophy The Five Principles: Quality Responsibility Mutuality Efficiency and Freedom. Today Antech is driving the future of pet health as part of MarsScience & Diagnostics a familyowned company focused on veterinary care.

Current Associates will need to apply through the internal career site. Please log into Workday and click on Menu or View All Apps select the Jobs Hub app then click the magnifying glass to Browse Jobs.

This is a Hybrid role based out of our office in Loveland CO. The Target Pay Range for this position is $annually. At Antech pay decisions are determined using factors such as relevant jobrelated skills experience education training and budget.

Job Summary:

The Product Security Engineer will be responsible for defining implementing and enforcing secure coding practices to ensure that software security is embedded earlyon (shifting left) throughout product development lifecycle. To achieve this the candidate will be collaborating with the Software Engineering Development Teams and the Cybersecurity team in leading and enhancing the design and implementation of information security requirements including secure coding standards languagespecific secure coding guidelines as well as secure SDLC methodologies. This role requires strong expertise in secure coding standards vulnerability management and collaboration with development teams to build secure applications.

Key Responsibilities:

• Develop maintain and implement secure coding standards based on industry best practices such as NIST 80053 OWASP CWE CERT ISO among other.

• Develop implement and maintain coding standards based on Languagespecific Secure Coding Guidelines including C# .NET PowerShell TypeScript SEI CERT Coding Standards Microsoft Secure Coding Guidelines Mobile OSbased languages as well as Azurerelated security bestpractices for Azure DevOps Azure Security Center Key Vault Azure Policy Azure AD and rolebased access controls.

• Develop maintain and implement secure coding standards based on Secure SDLC Frameworks and Methodologies such as Microsoft Security Development Lifecycle SDL OWASP Software Assurance Maturity Model (SAMM) as well as other frameworks for measuring software security initiatives.

• Responsible for ensuring endtoend security framework for design development testing deployment and maintenance throughout the product lifecycle management.

• Integrate security principles into the Software Development Lifecycle ensuring compliance with security and privacy policies standards and guidelines.

• Conduct secure code reviews for manual automated static dynamic and software composition analysis to identify vulnerabilities.

• Work closely with software developers DevOps & DevSecOps and security teams to remediate vulnerabilities and enhance secure coding practices.

• Provide training and guidance to developers on secure coding techniques and threat mitigation strategies for threat modeling.

• Establish automated security testing within CI/CD pipelines.

• Stay up to date on emerging security threats vulnerabilities and mitigation techniques.

Product Security Validation

• Organize and support the product security review process

• Ensure ontime delivery and required level of quality in all aspects of the validation process.

• Provide Standardized product security documentation.

• Collaborate with other stakeholders and core teams to ensure effective efficient and secure design implementation.

• Provide assurance in adhering to established policies standards procedures and guidelines.

• Develop and ensure software engineering procedures are aligned with product security requirements.

• Lead risk assessments and threat modeling exercises for applications and solutions to provide vulnerability remediation guidance to product development engineering teams globally.

• Ensuring architecture is in accordance with industry accepted standards for veterinary and health devices security including encryption disaster recovery authentication audit logging hardening measures patch management and vulnerability monitoring.

Qualifications & Experience:

Education Experience & skills:

• Bachelors or Masters degree in Cybersecurity Information Technology Computer Science Engineering or related field.

• 5 years of experience in secure software development application security or DevSecOps.

• Handon experience static dynamic and Software Composition Analysis (SAST/DAST/SCA) tools.

• Strong knowledge of secure coding standards (e.g. OWASP CERT CWE SANS Top 25 etc.

• Proficiency in programming languages and related tools such as C# .NET PowerShell TypeScript as well as Azurerelated security bestpractices for Azure DevOps Azure Security Center Key Vault Azure Policy Azure AD and rolebased access controls.

• Experience with security testing tools like SonarQube Checkmarx Fortify Veracode Burp Suite or similar tools.

• Understanding of Zero Trust Cloudbased and hybrid architectures.

• Stronganalytical and problemsolving skills with the ability to work in a fastpaced agile environment.

Preferred Qualifications:

• Experience in regulated industries (finance healthcare manufacturing etc. applying regulatory regulations and/or security frameworks under a quality management process.

• Hands on knowledge of threat modeling methodologies (STRIDE DREAD etc.

• Experience in a laboratory setting veterinary clinics healthcare or related systems.

• Experience communicating complex security concepts effectively (technical nontechnical and executive level audiences).

• Experience and knowledge working with encryption algorithms and a PublicKey Infrastructure (PKI) solutions.

• Knowledge of cloud security best practices for AWS GCP and Azure.

• Experience with container security (Docker Kubernetes) a plus.

• Relevant certifications such as CISSP CSSLP CEH OSCP GIAC GWAPT are highly preferred. Microsoft Azure certifications including Microsoft CertifiedAZ500 AZ505 AZ400 SC900 are a plus.

• Experience working in a regulated (FDA MDR) environment with medical instrumentation is a plus.

Physical Demands:

• Extensive sitting phone and computer use

• Extend and reach with hands and arms and use hands and fingers

• Occasionally required to bend kneel stoop or crouch

• May be required to lift move and carry up to 15 lbs.

• Specific vision abilities required including close vision color vision depth perception and the ability to adjust focus.

• Hearing ability to effectively communicate via the telephone and in person

• Ability to communicate verbally on the telephone and in person

• Fluency in the English language

• Extended hours may be needed

Work Environment:

The employee will primarily work in a typical office environment including use of cubicles computers and overhead lighting. Temperature extremes will be minimal to noise level in the work environment is usually moderate. The employee will be required to use a computer spreadsheets database management email and the Internet. The employee is frequently required to use a calculator; fax copy machine and phone system.

About Antech

Antech is a leader in veterinary diagnostics driven by our passion for innovation that delivers better animal health outcomes. Our products and services span 90 reference laboratories around the globe; inhouse diagnostic laboratory instruments and consumables including rapid assay diagnostic products and digital cytology services; local and cloudbased data services; practice information management software and related software and support; veterinary imaging and technology; veterinary professional education and training; and boardcertified specialist support services.

Antech offers an industry competitive benefits package and continues to invest in and evolve benefits programs that meet the health wellness and financial needs of our associates.

• All Fulltime associates are eligible for the following benefits and more:

• Paid Time Off & Holidays

• Medical Dental Vision (Multiple Plans Available)

• Basic Life (Company Paid) & Supplemental Life

• Short and Long Term Disability (Company Paid)

• Flexible Spending Accounts/Health Savings Accounts

• Paid Parental Leave

• 401(k) with company match

• Tuition/Continuing Education Reimbursement

• Life Assistance Program

• Pet Care Discounts

We are proud to be an Equal Opportunity Employer Veterans / Disabled. For a complete EEO statement please see our Career page at Antech Careers.

Note to Search Firms/Agencies

Antech Diagnostics Inc. and its subsidiaries and affiliates (Antech) do not compensate search firms for unsolicited assistance unless they have a written search agreement with Antech and the requisition is positionspecific. Any resumes curriculum vitae and other unsolicited assistance from search firms that do not have a written search agreement or positionspecific requisition submitted to any Associate of Antech will be deemed the sole property of Antech and no fee will be paid in the event the candidate is hired by Antech.