Principal Product Security Engineer (Hybrid)
Publication date:
20 November 2024Workload:
100%Contract type:
Unlimited employment- Place of work:Skaneateles
This is where you save and sustain lives
At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You’ll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.
Baxter’s products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.
Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.
Join us at the intersection of saving and sustaining lives— where your purpose accelerates our mission.
Your role at Baxter
This is where your expertise helps people.
You are a problem solver. Complex projects or unexpected challenges are just opportunities to bring your considerable abilities to use. Whether working independently or with a trusted team, you are always ready to tackle a project and work hard to find solutions. As a Principal Product Security Engineer, you will help drive cybersecurity requirements and technologies for existing and new products. You will work with teams through all phases of development to ensure our products meets the standards and privacy concerns of our customers and patients. You will monitor potential threats, analyze security risks, and collaborate to remediate findings. Staying current with modern technologies and findings will allow you to guide teams on mitigating emerging threats for new product development and product sustaining efforts.
Your team
As a Product Security Engineer, you will have the opportunity to lead by example, and enjoy mentoring and learning from others. Here, you are trusted to manage your own time and are given opportunities to grow your career as you wish. Here, you often have the flexibility to work independently. We provide opportunities for you to continue to learn through various training, conferences, certifications, and support for advanced degrees.
What you'll be doing
Create technical documentation around the security of a product including:
- Threat modeling and interface architecture,
- Data Protection Impact Assessment
- Product Security whitepapers
- Manufacturer Disclosure Statement for Medical Devices
- Software Bill of Materials
- Static code analysis reports
- Work collaboratively with the product development teams to establish information security requirements, plans, and policies.
- Establish governance around vulnerability management in products
- Assist in responses to and recovery from a security breach in conjunction with other team members and business units
- Use tools (Tenable Nessus, Fortify, Coverity, etc.) to scan for and test possible product vulnerabilities
- Stay ahead of and advise about industry zero day discoveries and react to assess products
- Work collaboratively with product teams on annual SOC2 and HiTrust audits for products
- Investigate security breaches
- Participate in project planning and scoping of security related deliverables and activities.
- Assess 3rd party and off the shelf components for secure use.
What you'll bring
- Bachelor’s degree in Computer Science or a related field desired.
- 5+ years of secure software development life-cycle experience.
- Solid understanding of application security throughout the software life-cycle.
- Experience in addressing OWASP Top 10 vulnerabilities.
- Experience developing or analyzing secure coding practices with technologies such as ASP.Net (C#), SQL Server, HTML, C++.
- Strong technical writing skills.
- Familiarity with the privacy by design framework.
- Experience with Threat modeling methodologies like STRIDE, DREAD, LINDDUN, or PASTA.
- Experience performing security risk assessments and the ability to communicate impact of risk.
- Experience analyzing and documenting possible vulnerabilities found during development.
- Familiarity with industry standards and guidance such as IEC TR 80001, NIST 800-53, ISO IEC 27001 & 27002, etc.
- Expertise in designing secure networks, systems, and application architectures.
- Certification in security such as CAP, CSSLP, or equivalent desired but not required.
- Keen attention to detail, critical thinking and analytical abilities
- Proven interpersonal and communication (verbal, written, presentation) skills.
Baxter is committed to supporting the needs for flexibility in the workplace. We do so through our flexible workplace policy which includes a minimum of 3 days a week onsite. This policy provides the benefits of connecting and collaborating in-person in support of our Mission.
We understand compensation is an important factor as you consider the next step in your career. At Baxter, we are committed to equitable pay for all employees, and we strive to be more transparent with our pay practices. The estimated base salary for this position is $104,000 to $143,000 annually. The estimated range is meant to reflect an anticipated salary range for the position. We may pay more or less than of the anticipated range based upon market data and other factors, all of which are subject to change. Individual pay is based on upon location, skills and expertise, experience, and other relevant factors. This position may also be eligible for discretionary bonuses. For questions about this, our pay philosophy, and available benefits, please speak to the recruiter if you decide to apply and are selected for an interview.
#LI-ASR2
Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.
Equal Employment Opportunity
Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
EEO is the Law
EEO is the law - Poster Supplement
Pay Transparency Policy
Reasonable Accommodations
Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.
Recruitment Fraud Notice
Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice .
Contact
Baxter AG