Job Description

The Sr Product Security Engineer will be a member of the Product Security team with the objective to ensure that Varian Medical Systems (VMS) products are protected from cybersecurity threats throughout the entire life-cycle. Your focus will be first and foremost on connected medical devices and their innovation. You work with VMS Treatment Delivery & Imaging System (TDIS) teams to deliver expert architecture design and offer hands-on technical collaborations.  You work day-to-day with engineering teams to build Security & Privacy into Varian product lifecycle (pre-market & post-market).

 

For our DevSecOps tool sets (e.g. SAST, vulnerability scanning), you optimize the rule sets to enable actionable alerts. You build and mature the reporting and alert management framework for meaningful matrices across VMS portfolio.  You participate and lead the cybersecurity incident response and complaint investigation process for Varian products.  You drive effective cybersecurity risk remediations in the field (e.g. install base).

You extend your support to VMS software portfolio to ensure security & privacy alignment across innovation initiatives.

 

Responsibilities:

• Integration of cyber-security considerations into product design, implementation, review, update, and EOL management
• Assume thought leadership to step outside the box, identify and implement solutions to effectively address common security & privacy challenges in connected Medical Devices (HW)
• Monitor product cyber-security threats and vulnerabilities, perform planned and on-demand Cybersecurity Risk Assessment; work with engineering teams to design and prioritize mitigating solutions
• Plan and coordinate comprehensive security assessments (e.g. Product Penetration Testing), analyze and report results, design, and direct remediation; support interactions with Customers or other external bodies as necessary
• Direct and improve the security of workflow and tools used in providing services (e.g. installation, trouble-shooting, remote access) and product support (e.g. MICAP standardization and updates); define the standard security settings(as default) in products and solutions based on hardening standards
• Coach stakeholders from project managers, developers, SW architects, system engineers, service and support engineers, and operations team on methods and frameworks for building, servicing, and supporting secure products and solutions
• Continuously maintain expertise and Information as well as Product Security by participating in industry forums, conferences and training events
• Provide hands-on technical support expertise in general SW design and development, system engineering, IT and networking as necessary
• Maintain complete confidentiality of company and customer intelligence acquired at work.

Requirements:

• Prefer candidates with a deep knowledge of firmware security
• Prefer candidates with experiences in microservices and Kubernetes
• Excellent communication and teamwork skills, with fluent written and spoken English.
• Bachelor’s degree in software engineering, computer science or related discipline.
• 3 years of professional work experience developing and testing software or hardware products.
• Experience with Java or C# /.NET or C++ programming.
• Experience with web programming and technologies.
• Experience with SQL Server or similar database systems.
• Experience doing formal verification testing

How to Apply

Please apply HERE.

Job Categories: IT / Software Development. Job Types: Full-Time. Job Tags: product security, security consultant, security engineer, and software development.

983 total views, 0 today

Apply for this Job

Name *

Email *

Message *

Upload resumé (pdf, doc, docx, zip, txt, rtf)

Upload cover letter (pdf, doc, docx, zip, txt, rtf)