Senior Product Security Engineer
Hologic, Inc. · Santa Clara, CA · 2 wk ago
Information TechnologyFull-time
Key Responsibilities
- Champion Security: Drive a Secure by Design culture across product teams, ensuring adherence to security standards and best practices.
- Policy Enhancement: Participate in the continuous improvement of our Secure by Design policies and procedures, aligning products with the latest security requirements and regulatory standards.
- Documentation and Architecture: Support the creation and maintenance of security design documentation and architecture diagrams.
- Security Assessments: Conduct and document ongoing security assessments, including Threat Modeling, for Hologic products and remote connectivity solutions, providing support to product teams as needed.
- Risk Management: Perform Security Risk Management activities to address identified vulnerabilities and security design issues.
- Design Discussions: Create and maintain security controls and requirements while actively participating in design discussions and activities.
- Development Support: Assist in product development efforts, including Security Code Reviews, to ensure compliance with Secure by Design principles and the implementation of appropriate security controls.
- Automation and DevSecOps: Support the automation of security testing and reporting, manage security tooling, and secure our cloud environments.
- Misison Monitoring and Incident Response: Oversee ongoing security monitoring of in-market products and connected health solutions, participating in incident response investigations as necessary.
- Education and Training: Educate sales and service teams on securing our products, connected health solutions, and their operating environments.
Ideal Candidate Profile
- Industry Awareness: Maintain vigilance on industry security threats, assess risks to Hologic products, and manage these risks according to established quality procedures.
- Troubleshooting Expertise: Effectively diagnose and resolve issues associated with networked, computer-based products.
- Travel Flexibility: Be available for travel to Hologic offices, training, and customer sites.
- Autonomous Alignment: Work with some supervision while aligning with strategic intentions and corporate priorities.
- Cloud Knowledge: Possess a strong understanding of cloud design concepts and a working knowledge of security analysis and protection tools.
Qualifications
- Education: Master’s or Bachelor’s degree in Computer Science, Management Information Science, Engineering, or a related technical field.
- Experience: 4+ years of relevant experience in: - Computer and network security - Cloud base platform experience - Computer networking administration - Microsoft Windows and Linux operating systems - Software application testing and maintenance - Cybersecurity Risk Assessment
- Technical Skills: - Knowledge of the secure development lifecycle and experience in a development environment. - Expertise in application secure design and code reviews, with an understanding of Secure Coding standards and common vulnerabilities (e.g., OWASP Top 10, CWEs). - Proficiency in scripting and simple application development (e.g., PowerShell, Python, C#, C++). - Experience with industry-standard security tools (SAST, SCA, DAST, vulnerability scanning). - Leadership in Threat Modeling (STRIDE method preferred). - Penetration Testing experience (direct or supportive). - Securing development and cloud environments (Azure preferred) and the DevSecOps (CI/CD) pipeline. - Strong communication skills, both verbal and written.
Preferred Qualifications
- Medical Systems Knowledge: Experience with medical information system administration and familiarity with medical device security standards and regulations (e.g., FDA Premarket Cybersecurity Guidance, IEC 81001-5-1, AAMI TIR57, AAMI SW96).
- Regulated Industry Experience: Experience in software development and verification within a regulated industry.
- Technical Support Experience: Experience providing technical support to field service teams and/or end-users.
- Certifications: Security-related certifications (e.g., CISSP), OS (Windows, Linux), and networking (Cisco) certifications are strongly preferred.