Sr. Product Security Engineer II
Glaukos Corporation · Burlington, MA · 3 wk ago
Information TechnologyFull-time
What You’ll Do
- Define and drive implementation of technical security requirements and risk mitigations for new products and features.
- Create and maintain security architecture diagrams and models, including trust boundaries, data flows, and security control placement.
- Lead threat modeling for device features and connectivity use cases (local, network, cloud, removable media, service interfaces).
- Specify and review security control designs for authentication/authorization, secure communications, cryptographic key handling, secure logging, secure storage, and secure update mechanisms.
- Embed secure development practices into the engineering lifecycle: threat modeling, secure design reviews, secure coding, peer review criteria, and security gates for releases.
- Work with IEC 81001-5-1 standard Platform Hardening (Windows and Linux Devices)
- Partner with engineering teams to implement OS and application hardening measures, such as least privilege, service isolation, secure boot, host firewalling, and endpoint logging.
- Establish technical standards for account management, privilege management, remote access/service modes, and secure debug/manufacturing workflows.
- Firmware and Software Security Engineering
- Work with firmware teams to improve security of embedded components, device interfaces, and update flows (signed firmware, integrity verification, rollback considerations).
- Work with software teams to implement secure coding practices and standards.
- Collaborate with QA to integrate automated security testing into regression and release pipelines.
- Generate and maintain technical security artifacts used for FDA-aligned submissions and internal design controls.
- Maintain records of vulnerability assessments, mitigations, and patch processes.
- Support audit and inspection readiness with thorough, traceable documentation.
- Vulnerability & Incident Management
- Lead vulnerability assessment and mitigation activities for product software, firmware, OS components, and third-party libraries.
- Cross-Functional Leadership
- Act as the security subject matter expert across product teams.
- Provide training and mentoring to engineers on secure design and coding practices.
- Partner with compliance, regulatory, and quality teams to align product security strategy with organizational goals.