Security is the key component across all products we develop, and we must continually ensure the security mindset culture and philosophy are integrated into all security practices within our development processes. Ensuring security and privacy for our customers, clients and their patients is a key mantra in all our work. We achieve this by making everyone accountable for security and by striving to continually enhance and improve our security mindset culture. We require and encourage collaboration and candor between teams and management, and the right candidate should be a positive, forward-looking individual. They must be self-directed, requiring minimal daily direction, collaborate often and effectively with project team members, present a positive and professional demeanor with customers, and excel at solving difficult problems.
This role provides the scope to lead and enhance security for our next generation of products, while ensuring the current products are kept secure, to deal with the constant changes in the threat landscape. Day-to-day primary responsibilities include leadership in enhancing security tools and processes, relationship management, and providing guidance to the team to deliver quality and secure applications to our clients.
The candidate will need to possess software development skills specifically related to implementation of security requirements and secure coding standards, e.g., NIST SP 800-53, OWASP, and MS Secure Coding Standards. The candidate shall be able to evaluate product designs and provide solutions to remediate security vulnerabilities through product security risk assessments, vulnerability scans, and static and dynamic code analysis tools. In addition to security solutions for new product development, the role requires remediating vulnerabilities in existing products, which requires detailed attention to implementation and product risk.
The Product Security Software Lead will participate in a full medical software development life cycle and adhere to a well-defined quality management system and Product Security Development Framework.
Implement software security solutions and architect/design products in accordance with industry accepted standards for medical device security including: encryption, disaster recovery, authentication, audit logging, hardening measures, patch management, vulnerability monitoring, and antivirus/antimalware requirements.
Lead product security risk assessments, hazard analysis, and provide vulnerability remediation guidance and mentoring to product development software engineers both on and off-site.
Lead technical design reviews and code inspections. Provide clear, actionable feedback for project team members.
Develop and administer software engineering procedures and training for vulnerability scans and static code analysis
Assist product development teams in creating Incident and Vulnerability Management Plans and Product Security White Papers
Participate on product security incident response teams.
Interface with other technical departments such as Penetration Testing Team, Systems, Hardware Engineering, Quality, and technical services
Demonstrate proper secure coding practices driving standards within the software engineering organization
Collaborate with other BD resources to ensure effective design and implementation goals.
Assure adherence to BD development policies and software quality procedures
BS degree in Computer Science, Computer Engineering, Electrical Engineering, or other related engineering field is required
Minimum of 5 years of experience in software development, systems & architecture concepts and designs
Minimum of 5 years work experience in product development
Minimum of 5 years work experience with C#/.NET development
Minimum of 3 years work experience using secure coding practices
Required Knowledge, Skills and Attributes:
Working experience with various encryption algorithms
Experience with dynamic and static code analysis tools
Demonstrated understanding of developing in a regulated environment and adhering to a quality management system
Excellent written and verbal communication and interpersonal skills are essential
Demonstrated positive work ethic with a strong commitment to achieving project goals
Knowledge of completing a track, trace and plan using a Security Requirements Traceability Matrix (SRTM) or similar tool with the goal of tracking the source of requirement
Experience working in a regulated (FDA) environment with medical instrumentation is a plus
Candidacy for, or certification in, InfoSec security is a plus, e.g., CSSLP
Work experience in network security along with knowledge of Windows networking fundamentals (IP protocol, firewalls etc.) strongly desired