Job Description
As a Software Risk Analyst, your primary responsibilities will include:

- Conducting SOUP (Software of Unknown Provenance) and Software Risk Analysis to evaluate the risk associated with supplier-provided software, open-source libraries, and licensed components.
- Collaborating with software development teams to assess software against security criteria and documenting findings in compliance with IEC 81001-5-1 and ISO 14971.
- Performing Vulnerability Assessment and Impact Analysis of software issues, bugs, and third-party vulnerabilities, determining for each whether it is present in the product, whether it is reachable by an attacker, whether it is exploitable, and what its potential impact is across the safety, security, privacy, and business categories.
- Synthesizing assessment information into analysis reports and issue tickets to support decision-making and regulatory compliance.

In addition, you will have secondary responsibilities such as:

- Collaborating with Product Security Engineers to integrate software risk results into product-level risk analysis.
- Providing input to security architecture and design reviews, emphasizing code-level and component-level risk context.
- Utilizing tools for vulnerability scanning, SBOM analysis, and source code analysis to support investigations.
- Participating in vulnerability triage reviews, code reviews, and security incident response evaluations.
- Assisting the software team in developing proactive vulnerability detection and monitoring processes in the Software Development Lifecycle.

Qualifications required for this role include:

- Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, or a related discipline.
- 8+ years of experience in embedded product software development, embedded product software security, or embedded product vulnerability analysis in regulated industries.
- Strong experience in embedded software development using C++ and Python, and familiarity with operating systems concepts.