Senior Product Security Engineer

A Product Security Engineer at a Medical Consulting company we are working with is responsible for ensuring the security and integrity of the company's products throughout their lifecycle. This role combines technical expertise in software and system security with a deep understanding of healthcare technology and regulatory compliance. The specific job description for a Product Security Engineer includes the following responsibilities:

1. Product Security Assessments: Conduct thorough security assessments of new and existing medical devices and healthcare software products. Identify potential vulnerabilities, design flaws, and security risks.
2. Security Testing: Develop and execute comprehensive security testing plans, including penetration testing, vulnerability scanning, code review, and other testing methodologies. Analyze test results and provide recommendations for remediation.
3. Security Architecture: Collaborate with product development teams to design and implement secure software architectures, including secure coding practices, authentication and authorization mechanisms, and data protection strategies.
4. Risk Management: Assess and mitigate security risks associated products. Develop risk mitigation strategies and work with cross-functional teams to implement appropriate security controls.
5. Compliance and Standards: Stay up to date with relevant industry regulations, standards, and best practices, such as HIPAA, FDA guidelines, and medical device cybersecurity frameworks.
6. Incident Response: Develop and maintain incident response plans for potential security breaches or incidents. Provide guidance and support to the incident response team during security events.
7. Security Training and Awareness: Conduct training sessions and workshops to educate product development teams on secure coding practices, security principles, and emerging threats. Foster a culture of security awareness within the organization.
8. Research and Innovation: Stay abreast of the latest security trends, technologies, and vulnerabilities in the healthcare industry. Continuously enhance knowledge and skills through research, training, and certifications.

Qualifications:

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Strong understanding of software security principles, secure coding practices, and common vulnerabilities.
• Experience with security testing methodologies, such as penetration testing, vulnerability scanning, and code review.
• Knowledge of healthcare technology, medical device security, and relevant regulations (e.g., HIPAA, FDA guidelines).
• Familiarity with industry security frameworks and standards (e.g., NIST Cybersecurity Framework, ISO 27001).
• Proficiency in programming languages commonly used in healthcare software development (e.g., Java, C++, Python).
• Experience with security assessment tools and technologies (e.g., Burp Suite, Wireshark, static analysis tools).

Applicants must be currently authorized to work in the US on a full-time basis now and in the future.