Job Description

Description:

In this role you will be responsible for designing, building, testing and implementing systems with the primary goal of security/patient safety across the client's software as a medical device product portfolio in various operating environments. Prevention of breach of Intellectual Property (IP), attack surface minimization, preventive security and privacy controls, and incident/vulnerability management are some of the focal areas for this position.

This role requires a strategic understanding of the business, customer/patient needs, product technology and the purpose & values of the client to successfully deliver on the group priorities. Hands-on experience with, and interest in, the latest security standards, protocols, products and systems is mandatory for the success of this role.
 
Essential Responsibilities
• Support software development teams in building a security-by-design mindset by supporting implementation and code in line with the Application Security Program mandates.
• Implement solutions that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures.
• Implement designs in accordance with secure software design guidelines to achieve desired security requirements and controls with the support of development leads, security architects and product owner(s).
• Implement features in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary.
• Review, analyze and mitigate SAST, DAST, SCA and penetration test findings in collaboration with the developers for various non-medical and software as a medical device (SaMD) product lifecycles
• Support development of SBOM across multiple product lines
• Implement enhancements to software security controls across cloud-based medical products.
• Participate in post-market product analysis to support vulnerability investigations as required as well as be engaged in continuous security monitoring

Desired Technical skills / experience:

• Security developer able to support software development teams on secure coding practices and application security test report generation and interpretation for various coding languages and environments.
• Experience with secure software development lifecycle and practices including SAFe/Agile methodologies for software development
• Understanding of security by design principles and architecture level security concepts, experienced with threat modeling and assessments
• Experience in implementing security technologies/techniques in cloud-based systems, like cryptographic algorithms/cipher suites, Public Key Infrastructure (PKI), network security protocols, OAuth, 2-factor authentication, and data at rest encryption standards
• Experience implementing OWASP Top10 application security guidelines
• Experience with cloud-based design and security controls (e.g. network security, instance hardening, identity and access control, configuration best practices)
• Experience with penetration testing methodologies and tools including environmental configuration, security analysis, audits and reviews
• Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
• Aware of international privacy requirements & cross industry trends.
• Desired: Exposure to Healthcare IT or medical device industry
• Desired: Experience integrating security tools into CI/CD pipelines
• Desired: Experience with AWS security controls
 
Qualifications and Skills
• Bachelor's degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
• Minimum 8+ years of experience in software development or related fields.
• A minimum of 3 years of technical experience implementing cybersecurity requirements in a cloud/hosted server environment
• A minimum of 3 years working with each of the following:
o Software development experience using web/application software technologies such as C/C++, Java, .NET, Python, etc.
o Experience analyzing, interpreting and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests.
o AWS security, secure networking, and network hardening strategies
o Experience implementing Conditional Access & MFA solutions
o Privileged access management
• Professional cybersecurity certifications: CISSP/OSCP/SSCP are a plus