Job Description

Job Responsibilities

In this role you will be responsible for designing, building, testing and implementing systems with the primary goal of security/patient safety across the client's software as a medical device product portfolio in various operating environments. Prevention of intellectual property (IP) breaches, attack surface minimization, preventive security and privacy controls, and incident/vulnerability management are some of the focal areas for this position.

This role requires a strategic understanding of the business, customer/patient needs, product technology and the purpose and values of the client to successfully deliver on the group priorities. Hands-on experience with and interest in the latest security standards, protocols, products and systems are mandatory for success in this role.

Essential Responsibilities

  • Support software development teams in building a security-by-design mindset by supporting implementation and code in line with the Application Security Program mandates.
  • Implement solutions that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures.
  • Implement designs in accordance with secure software design guidelines to achieve desired security requirements and controls with the support of development leads, security architects and product owner(s).
  • Implement features in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary.
  • Review, analyze and mitigate SAST, DAST, SCA and penetration test findings in collaboration with the developers for various non-medical and software as a medical device (SaMD) product lifecycles.
  • Support development of SBOM across multiple product lines
  • Implement enhancements to software security controls across cloud-based medical products.
  • Participate in post-market product analysis to support vulnerability investigations as required, and engage in continuous security monitoring.

Desired Technical skills / experience: 

  • Security developer able to support software development teams on secure coding practices and application security test report generation and interpretation for various coding languages and environments.
  • Experience with secure software development lifecycle and practices including SAFe/Agile methodologies for software development
  • Understanding of security-by-design principles and architecture-level security concepts, experienced with threat modeling and assessments
  • Experience in implementing security technologies/techniques in cloud-based systems, such as cryptographic algorithms/cipher suites, public key infrastructure (PKI), network security protocols, OAuth, 2-factor authentication, and data-at-rest encryption standards
  • Experience implementing OWASP Top 10 application security guidelines
  • Experience with cloud-based design and security controls (e.g. network security, instance hardening, identity and access control, configuration best practices)
  • Experience with penetration testing methodologies and tools including environmental configuration, security analysis, audits and reviews
  • Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
  • Aware of international privacy requirements & cross industry trends.
  • Desired: Exposure to Healthcare IT or medical device industry
  • Desired: Experience integrating security tools into CI/CD pipelines
  • Desired: Experience with AWS security controls

Qualifications and Skills

  • Bachelor's degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
  • Minimum 8+ years of experience in software development or related fields.
  • A minimum of 3 years of technical experience implementing cybersecurity requirements in a cloud/hosted server environment
  • A minimum of 3 years working with each of the following:
    • Software development experience using web/application software technologies such as C/C++, Java, .NET, Python, etc.
    • Experience analyzing, interpreting and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests.
    • AWS security, secure networking, and network hardening strategies
    • Experience implementing Conditional Access & MFA solutions
    • Privileged access management
  • Professional cybersecurity certifications: CISSP/OSCP/SSCP are a plus