Senior Product Security Engineer

About The Position

Requirements

• Master’s or Bachelor’s degree in Computer Science, Management Information Science, Engineering, or a related technical field.
• 4+ years of relevant experience in: Computer and network security
• Cloud base platform experience
• Computer networking administration
• Microsoft Windows and Linux operating systems
• Software application testing and maintenance
• Cybersecurity Risk Assessment
• Knowledge of the secure development lifecycle and experience in a development environment.
• Expertise in application secure design and code reviews, with an understanding of Secure Coding standards and common vulnerabilities (e.g., OWASP Top 10, CWEs).
• Proficiency in scripting and simple application development (e.g., PowerShell, Python, C#, C++).
• Experience with industry-standard security tools (SAST, SCA, DAST, vulnerability scanning).
• Leadership in Threat Modeling (STRIDE method preferred).
• Penetration Testing experience (direct or supportive).
• Securing development and cloud environments (Azure preferred) and the DevSecOps (CI/CD) pipeline.
• Strong communication skills, both verbal and written.

Nice To Haves

• Experience with medical information system administration and familiarity with medical device security standards and regulations (e.g., FDA Premarket Cybersecurity Guidance, IEC 81001-5-1, AAMI TIR57, AAMI SW96).
• Experience in software development and verification within a regulated industry.
• Experience providing technical support to field service teams and/or end-users.
• Security-related certifications (e.g., CISSP), OS (Windows, Linux), and networking (Cisco) certifications are strongly preferred.

Responsibilities

• Drive a Secure by Design culture across product teams, ensuring adherence to security standards and best practices.
• Participate in the continuous improvement of our Secure by Design policies and procedures, aligning products with the latest security requirements and regulatory standards.
• Support the creation and maintenance of security design documentation and architecture diagrams.
• Conduct and document ongoing security assessments, including Threat Modeling, for Hologic products and remote connectivity solutions, providing support to product teams as needed.
• Perform Security Risk Management activities to address identified vulnerabilities and security design issues.
• Create and maintain security controls and requirements while actively participating in design discussions and activities.
• Assist in product development efforts, including Security Code Reviews, to ensure compliance with Secure by Design principles and the implementation of appropriate security controls.
• Support the automation of security testing and reporting, manage security tooling, and secure our cloud environments.
• Oversee ongoing security monitoring of in-market products and connected health solutions, participating in incident response investigations as necessary.
• Educate sales and service teams on securing our products, connected health solutions, and their operating environments.

Benefits

• Comprehensive training when you join
• Continued development and training throughout your career
• Competitive salary
• Annual bonus scheme