Principal Product Security Engineer

This is where you save and sustain lives

At Baxter we are deeply connected by our mission. No matter your role at Baxter your work makes a positive impact on people around the world. Youll feel a sense of purpose throughout the organization as we know our work improves outcomes for millions of patients.

Baxters products and therapies are found in almost every hospital worldwide in clinics and in the home. For over 85 years we have pioneered significant medical innovations that transform healthcare.

Together we create a place where we are happy successful and inspire each other. This is where you can do your best work.

Join us at the intersection of saving and sustaining lives where your purpose accelerates our mission.

Your role at Baxter

This is where your expertise helps people.

You are a problem solver. Complex projects or unexpected challenges are just opportunities to bring your considerable abilities to use. Whether working independently or with a trusted team you are always ready to tackle a project and work hard to find solutions. As a Principal Product Security Engineer you will help drive cybersecurity requirements and technologies for existing and new products. You will work with teams through all phases of development to ensure our products meets the standards and privacy concerns of our customers and patients. You will monitor potential threats analyze security risks and collaborate to remediate findings. Staying current with modern technologies and findings will allow you to guide teams on mitigating emerging threats for new product development and product sustaining efforts.

Your team

As a Product Security Engineer you will have the opportunity to lead by example and enjoy mentoring and learning from others. Here you are trusted to manage your own time and are given opportunities to grow your career as you wish. Here you often have the flexibility to work independently. We provide opportunities for you to continue to learn through various training conferences certifications and support for advanced degrees.

What youll be doing

Create technical documentation around the security of a product including:

• Threat modeling and interface architecture.
• Data Protection Impact Assessment.
• Product Security whitepapers.
• Manufacturer Disclosure Statement for Medical Devices.
• Software Bill of Materials.
• Static code analysis reports.
• Work collaboratively with the product development teams to establish information security requirements plans and policies.
• Establish governance around vulnerability management in products.
• Assist in responses to and recovery from a security breach in conjunction with other team members and business units.
• Use tools (Tenable Nessus Fortify Coverity etc. to scan for and test possible product vulnerabilities.
• Stay ahead of and advise about industry zero day discoveries and react to assess products.
• Work collaboratively with product teams on annual SOC2 and HiTrust audits for products.
• Investigate security breaches.
• Participate in project planning and scoping of security related deliverables and activities.
• Assess 3rd party and off the shelf components for secure use.

What youll bring

• Bachelors degree in Computer Science or a related field desired.
• 5 years of secure software development lifecycle experience.
• Solid understanding of application security throughout the software lifecycle.
• Experience in addressing OWASP Top 10 vulnerabilities.
• Experience developing or analyzing secure coding practices with technologies such as (C# SQL Server HTML C.
• Strong technical writing skills.
• Familiarity with the privacy by design framework.
• Experience with Threat modeling methodologies like STRIDE DREAD LINDDUN or PASTA.
• Experience performing security risk assessments and the ability to communicate impact of risk.
• Experience analyzing and documenting possible vulnerabilities found during development.
• Familiarity with industry standards and guidance such as IEC TR 80001 NIST 80053 ISO IEC 27001 & 27002 etc.
• Expertise in designing secure networks systems and application architectures.
• Certification in security such as CAP CSSLP or equivalent desired but not required.
• Keen attention to detail critical thinking and analytical abilities.
• Proven interpersonal and communication (verbal written presentation) skills.

Baxter is committed to supporting the needs for flexibility in the workplace. We do so through our flexible workplace policy which includes a required minimum number of days a week onsite. This policy provides the benefits of connecting and collaborating inperson in support of our Mission. The flexible workplace policy is subject to local laws and legal its discretion Baxter may decide to adjust suspend or discontinue as business needs change.

We understand compensation is an important factor as you consider the next step in your career. At Baxter we are committed to equitable pay for all employees and we strive to be more transparent with our pay practices. The estimated base salary for this position is $104000 to $143000 annually. The estimated range is meant to reflect an anticipated salary range for the position. We may pay more or less than of the anticipated range based upon market data and other factors all of which are subject to change. Individual pay is based on upon location skills and expertise experience and other relevant factors. This position may also be eligible for discretionary bonuses. For questions about this our pay philosophy and available benefits please speak to the recruiter if you decide to apply and are selected for an interview.

#LIASR2

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.

US Benefits at Baxter (except for Puerto Rico)

This is where your wellbeing matters. Baxter offers comprehensive compensation and benefits packages for eligible roles. Our health and wellbeing benefits include medical and dental coverage that start on day one as well as insurance coverage for basic life accident shortterm and longterm disability and business travel accident insurance. Financial and retirement benefits include the Employee Stock Purchase Plan (ESPP) with the ability to purchase company stock at a discount and the 401(k) Retirement Savings Plan (RSP) with options for employee contributions and company matching. We also offer Flexible Spending Accounts educational assistance programs and timeoff benefits such as paid holidays paid time off ranging from 20 to 35 days based on length of service family and medical leaves of absence and paid parental leave. Additional benefits include commuting benefits the Employee Discount Program the Employee Assistance Program (EAP) and childcare benefits. Join us and enjoy the competitive compensation and benefits we offer to our additional information regarding Baxter US Benefits please speak with your recruiter or visit our Benefits site: Benefits Baxter

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race color religion gender national origin age sexual orientation gender identity or expression protected veteran status disability/handicap status or any other legally protected characteristic.

Know Your Rights: Workplace Discrimination is Illegal

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If because of a medical condition or disability you need a reasonable accommodation for any part of the application or interview process please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams where fraudulent parties pose as Baxter employees recruiters or other agents and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself review our Recruitment Fraud Notice.