Principal Cybersecurity Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science or a related field desired.
• 5+ years of secure software development life-cycle experience.
• Solid understanding of application security throughout the software life-cycle.
• Experience in addressing OWASP Top 10 vulnerabilities.
• Experience developing or analyzing secure coding practices with technologies such as ASP.Net (C#), SQL Server, HTML, C++.
• Strong technical writing skills.
• Familiarity with the privacy by design framework.
• Experience with Threat modeling methodologies like STRIDE, DREAD, LINDDUN, or PASTA.
• Experience performing security risk assessments and the ability to communicate impact of risk.
• Experience analyzing and documenting possible vulnerabilities found during development.
• Familiarity with industry standards and guidance such as IEC TR 80001, NIST 800-53, ISO IEC 27001 & 27002, etc.
• Expertise in designing secure networks, systems, and application architectures.
• Keen attention to detail, critical thinking and analytical abilities
• Proven interpersonal and communication (verbal, written, presentation) skills.

Nice To Haves

• Certification in security such as CAP, CSSLP, or equivalent desired but not required.

Responsibilities

• Create technical documentation around the security of a product including:
• Threat modeling and interface architecture.
• Data Protection Impact Assessment.
• Product Security whitepapers.
• Manufacturer Disclosure Statement for Medical Devices.
• Software Bill of Materials.
• Static code analysis reports.
• Work collaboratively with the product development teams to establish information security requirements, plans, and policies.
• Establish governance around vulnerability management in products.
• Assist in responses to and recovery from a security breach in conjunction with other team members and business units.
• Use tools (Tenable Nessus, Fortify, Coverity, etc.) to scan for and test possible product vulnerabilities.
• Stay ahead of and advise about industry zero day discoveries and react to assess products.
• Work collaboratively with product teams on annual SOC2 and HiTrust audits for products.
• Investigate security breaches.
• Participate in project planning and scoping of security related deliverables and activities.
• Assess 3rd party and off the shelf components for secure use.

Benefits

• Baxter offers comprehensive compensation and benefits packages for eligible roles.
• Our health and well-being benefits include medical and dental coverage that start on day one, as well as insurance coverage for basic life, accident, short-term and long-term disability, and business travel accident insurance.
• Financial and retirement benefits include the Employee Stock Purchase Plan (ESPP), with the ability to purchase company stock at a discount, and the 401(k) Retirement Savings Plan (RSP), with options for employee contributions and company matching.
• We also offer Flexible Spending Accounts, educational assistance programs, and time-off benefits such as paid holidays, paid time off ranging from 20 to 35 days based on length of service, family and medical leaves of absence, and paid parental leave.
• Additional benefits include commuting benefits, the Employee Discount Program, the Employee Assistance Program (EAP), and childcare benefits.