Product Cybersecurity Engineer

About the position

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You'll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients. Baxter's products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare. Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work. Join us at the intersection of saving and sustaining lives- where your purpose accelerates our mission.

Responsibilities

• Implement proof of concept project to define innovative solutions on platforms/server platforms
• Lead implementation of medical device cybersecurity principles as part of an overall security architecture
• Create, own, and maintain system requirements, architectures, risk analysis and other specifications that define the cybersecurity functionality of medical device systems both embedded and hosted
• Create threat models of medical device systems and the interfaces between medical devices
• Perform vulnerability scanning of medical device systems and analyze results
• Monitor threat intelligence and analyze CWEs and CVEs that affect medical device systems and propose solutions
• Drive cybersecurity improvements through product the cross functional teams, primarily software
• Lead discussions to resolve competing constraints between interrelated functions (Engineering, Risk Management, Compliance, Clinical, Human Factors, Regulatory, Marketing, Service)
• Ensure compliance to the product development process and Quality System and Design Control requirements
• Interface with regulatory bodies, representing Baxter and Baxter products, and ensure that regional cybersecurity needs are met
• Contribute to external communications (bulletins, FAQs, etc.) related to cybersecurity

Requirements

• BS in computer science, engineering, mathematics, information management, or related field with 5+ years of industry experience or Masters with 3+ years
• Experience with threat modeling, penetration testing, fuzz testing, vulnerability scanning, secure code analysis
• Experience with cybersecurity related software such as Blackduck, Coverity, etc.
• Experience dealing with threat intelligence, CWEs and CVEs
• Familiarity with cybersecurity related organizations and certifications such as UL (UL-2900), ICS-CERT, FIPS 140, etc.
• Experience with cybersecurity functionality on embedded systems and hosted software applications
• Requires strong organization and communication skills, with the ability to interface with both technical and non-technical personnel
• Ability to convince management on courses of action with minimal assistance using both written and verbal methods
• Must be able to provide solutions that reflect understanding business objectives

Benefits

• Medical and dental coverage that start on day one
• Insurance coverage for basic life, accident, short-term and long-term disability, and business travel accident insurance
• Employee Stock Purchase Plan (ESPP), with the ability to purchase company stock at a discount
• 401(k) Retirement Savings Plan (RSP), with options for employee contributions and company matching
• Flexible Spending Accounts
• Educational assistance programs
• Paid holidays
• Paid time off ranging from 20 to 35 days based on length of service
• Family and medical leaves of absence
• Paid parental leave
• Commuting benefits
• Employee Discount Program
• Employee Assistance Program (EAP)
• Childcare benefits