Sr Product Security Engineer

Job Description:
What you will be doing:

• Work directly with embedded software developers in building a securitybydesign mindset by defining implementations and coding inline with the Application Security Program mandates
• Implement embedded secure code solutions design patterns and coding guidelines that meet security and privacy requirements defined in the security plans risk assessments policies and procedures
• Support security project governance through scheduling activities planning and prioritization
• Proactively drive security solutions implementation inalignment with the development leads security architects and product owner(s)
• Drive feature implementations in line with the architecture via designs coding reviews and tests. Perform Proof of Concept (POC) activities as necessary
• Review Analyze and mitigate SAST DAST SCA and penetration test findings in collaboration with the developers for various electromechanical medical devices product lifecycles
• Review current software security control measures and implement security enhancements across multiple medical devices
• Participate in postmarket product analysis to support vulnerability investigations as required as well as be engaged in continuous security monitoring
• Work collaboratively with product teams on annual SOC2 and HiTrust audits for products.

What you will bring:

• Experienced security developer able to interpret and guide medical device software development teams on secure coding practices and application security test report interpretation for various coding languages and operating environments
• Strong knowledge of secure software development lifecycle and practices including SAFe/ Agile methodologies for software development
• Understanding of security by design principles and architecture level security concepts
• Sound understanding and experience in implementing security technologies/techniques such as Cryptographic Algorithms/Cipher Suites Public key Infrastructure (PKI) Hardware/embedded authentication protocols Secure Boot and dataatrest encryption methods
• Experience implementing OWASP Top10 application security guidelines in embedded systems
• Knowledge of embedded system architecture and security controls (e.g. firewall and border router configurations wireless communication architectures messaging authentication protocols
• Experienced in generating defining and reviewing penetration test results through knowledge standard methodologies and tools including environmental configuration definition security analysis threat modeling and system security audits
• Expertise in designing secure networks systems and application architectures
• Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Proficiency with industry standards and guidance such as IEC TR 80001 NIST 80053 ISO IEC 27001 & 27002 etc.
• Exposure to international privacy requirements & crossindustry trends
• Certification in security such as CAP CSSLP or equivalent desired but not required.

Qualifications and Skills

• Bachelors degree in Computer Science Computer Engineering a related field or equivalent demonstrated experience and knowledge
• Minimum 8 years of experience in software development or related fields.
• Minimum 5 years technical experience working with product security design/development for embedded systems
• 3 years working with each of the following:
• Experience with C/C Python Linux and/or security design within realtime operating systems
• Experience analyzing interpreting and mitigating security findings from multiple sources including SAST DAST SCA and penetration tests
• Embedded data at rest security implementations including Code Signing Secure boot and flash encryption implementations
• Embedded/IoT wired and wireless secure networking implementations within multiple layers of the OSI stack
• IoT/Embedded PKI solutions and implementation.