Principal Product Cybersecurity Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science or a related field desired.
• 5+ years of secure software development life-cycle experience.
• Solid understanding of application security throughout the software life-cycle.
• Experience in addressing OWASP Top 10 vulnerabilities.
• Experience developing or analyzing secure coding practices with technologies such as ASP.Net (C#), SQL Server, HTML, C++.
• Strong technical writing skills.
• Familiarity with the privacy by design framework.
• Experience with Threat modeling methodologies like STRIDE, DREAD, LINDDUN, or PASTA.
• Experience performing security risk assessments and the ability to communicate impact of risk.
• Experience analyzing and documenting possible vulnerabilities found during development.
• Familiarity with industry standards and guidance such as IEC TR 80001, NIST 800-53, ISO IEC 27001 & 27002, etc.
• Expertise in designing secure networks, systems, and application architectures.
• Keen attention to detail, critical thinking and analytical abilities.
• Proven interpersonal and communication (verbal, written, presentation) skills.

Nice To Haves

• Certification in security such as CAP, CSSLP, or equivalent desired but not required.

Responsibilities

• Create technical documentation around the security of a product including: Threat modeling and interface architecture, Data Protection Impact Assessment, Product Security whitepapers, Manufacturer Disclosure Statement for Medical Devices, Software Bill of Materials, Static code analysis reports.
• Work collaboratively with the product development teams to establish information security requirements, plans, and policies.
• Establish governance around vulnerability management in products.
• Assist in responses to and recovery from a security breach in conjunction with other team members and business units.
• Use tools (Tenable Nessus, Fortify, Coverity, etc.) to scan for and test possible product vulnerabilities.
• Stay ahead of and advise about industry zero day discoveries and react to assess products.
• Work collaboratively with product teams on annual SOC2 and HiTrust audits for products.
• Investigate security breaches.
• Participate in project planning and scoping of security related deliverables and activities.
• Assess 3rd party and off the shelf components for secure use.

Benefits

• Medical and dental coverage that start on day one.
• Insurance coverage for basic life, accident, short-term and long-term disability, and business travel accident insurance.
• Employee Stock Purchase Plan (ESPP), with the ability to purchase company stock at a discount.
• 401(k) Retirement Savings Plan (RSP), with options for employee contributions and company matching.
• Flexible Spending Accounts.
• Educational assistance programs.
• Paid holidays and paid time off ranging from 20 to 35 days based on length of service.
• Family and medical leaves of absence.
• Paid parental leave.
• Commuting benefits.
• Employee Discount Program.
• Employee Assistance Program (EAP).
• Childcare benefits.