Product Security Engineer

Job Title

Product Security Engineer

Primary Roles and Responsibilities:

• Participate in the development of life saving devices and applications with focus on product security.
• Drive the definition, plan, and implementation of the overall security strategy, standards, processes, and procedures, which meet or exceed customer expectations and applicable processes & standards in collaboration with the Product Security Office.
• Perform security assessments in accordance with the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST).
• Actively participate in applying cyber security best practices to product development projects including cloud, application, and embedded software systems.
• Conduct or oversee technical aspects of security risk assessments and compliance audits, the evaluation and testing of firmware and software for possible impacts upon system security, and the investigation and resolution of security incidents.
• Conduct risk analyses for vulnerabilities, create threat models, perform penetration testing.
• Integrate security best practices and controls throughout the Software Development Life Cycle (SDLC).
• Function as technical lead during a security incident, determining the cause of the incident(s), performing incident response activities and forensics analysis of security incidents.
• Participate in architecture, design, and code reviews to provide security related feedback and guidance.
• Create engineering documentations to comply with product development policies, practices, and procedures.
• Working closely with regulatory bodies to support enquiries, own security related documentation and deliverables ensuring compliance with key standards/guidance documents.
• Liaison with the Product Security & Services Office (PSSO) and review applicability of impact to released or in development products regarding Product Security Advisory notices issued by the PSSO

Key Knowledge, skills and abilities required:

• BS/MS/PhD degree in Cyber Security, Systems Security, Computer Science, Computer Engineering, or equivalent
• 10+ years of job experience in a Cyber Security related position
• 5+ years of job experience in the design and development of secure software applications
• Experience with security hardening and analysis across cloud (e.g. AWS), Windows, embedded, and Linux environments/applications
• Familiar with secure coding standards
• Familiar with vulnerability testing, fuzz-testing and related scanning tools Penetration testing and tools experience
• Familiarity with OWASP methodology and tools for web application security testing.
• Strong communication and analytical skills, able to effectively communicate with people at all levels
• Forensics analysis
• Certifications such as:
  • Certified Information System Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Cloud Certified Security Professional (CCSP)
• Excellent written and verbal communication skills
• Good learning aptitude

Key Knowledge, skills, and abilities desired:

• Preferred experience in the medical, health industry, or similar regulated industries using Risk Management Framework (Finance, Military, etc.)
• Preferred experience driving product development through RMF (Risk Management Framework)
• Preferred familiarity with Department of Defense Information Assurance Architecture
• Working knowledge of C, C++, C#
Working knowledge of real time systems

#Connectedcare