Advisory Product Security Engineer (Remote)

ZOLL Medical Corporation · Pittsburgh, PA

Company

ZOLL Medical Corporation

Location

Pittsburgh, PA

Type

Full Time

Job Description

CMS, Softaid.local

The Cardiac Management Solutions division of ZOLL Medical Corporation develops products to protect and manage cardiac patients, including the LifeVest® wearable cardioverter defibrillator (WCD), the ZOLL cardiac monitor, and associated technologies.

Heart disease is the leading cause of death for both men and women in the U.S. At ZOLL, your work will help to ensure cardiac patients get the life-saving therapy they need. To date, the LifeVest WCD has been worn by hundreds of thousands of patients and saved thousands of lives.

ZOLL has been Pittsburgh's Manufacturer of the Year, one of Western PA's Healthiest Employers, and even one of Pittsburgh's Coolest Offices. But it's our unique opportunity to impact people's lives that makes ZOLL the ideal place to build your career.

Job purpose

The Advisory Product Security Engineer is a senior level position responsible for guiding, mentoring and operationalizing a robust cybersecurity program focused on cloud infrastructure.

Your role on the team will include working closely with other security engineers, application development engineers, business stakeholders, regulatory and compliance divisions, end users and product managers to discover, understand and communicate security best practices, and to recommend solutions, policies and security controls for an improved security posture. This role will be part of the Platform Team and provide support for all areas of product cybersecurity including secure design strategies, risk management, testing, training, monitoring, product incident response, and helping to interface with external regulatory bodies.

Duties and responsibilities

  • Implement and improve a strong product cybersecurity program
  • Take end-to-end ownership of Product Security Engineering areas including design requirements, secure coding practices, developer training, CI/CD automation, Static and Dynamic analysis (SAST/DAST), and automation tools engineering, documentation and interfacing with external security vendors and regulatory bodies.
  • Experience in applying OWASP Top 10 and other industry standard software hardening practices
  • Perform threat modeling, vulnerability analysis and risk assessment
  • Perform vulnerability triage to prioritize issues, eliminate false positives, articulate issues to developers and provide best practices and governance for remediation
  • Assist with security testing of products, including internal penetration testing and working with third-party security assessment and pen testing companies.
  • Collaborate with and train developers and infrastructure teams to remediate vulnerabilities and develop best practices
  • Work with audit and other security/compliance divisions to ensure cross-team communication in support of compliance activities.
  • Respond to product security questionnaires
  • To fulfill this role, a regular cadence of study in cybersecurity and attendance at conferences is required
  • Other duties as assigned.

Qualifications

  • BS degree or equivalent in Computer Science, Computer Engineering or equivalent related experience
  • Typically 10+ years of professional development experience with 5 years of application security experience
  • Awareness of regulatory/statutory compliance, e.g. PCI, GDPR, CCPA, ISO 27001, NIST 800-53, NIST 800-161, and other information security procedures and protocols (including FDA Pre- and Post-market Guidance on Cybersecurity for Medical Devices).
  • Knowledge of industry-specific legal and regulatory requirements (GDPR/HIPAA)
  • Background in risk management frameworks
  • Knowledge of AWS native security and infrastructure tools.
  • Professional experience, preferably with medical devices with embedded software
  • Certifications such as CISM, CISSP, Global Information Assurance Certification (GIAC) or CompTIA Security+ Certification
  • Experience in Agile development process
  • Highly motivated to learn and work in a team environment

Working conditions

Consistent with work environment in a typical office setting. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Physical requirements

The person in this position needs to occasionally move about inside the office, operate a computer and communicate with other team members.

Supervisory responsibility

None

AAP/EEO Statement

ZOLL is committed to fostering an inclusive workplace, where unique identities, backgrounds, cultures, perspectives and experiences are respected and valued.

Equal Opportunity Employer - Disability and Veteran

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities will be reviewed periodically as duties and responsibilities change with business necessity. Essential and marginal job functions are subject to modification.

ZOLL Medical Corporation appreciates and values diversity. We are an Equal Opportunity Employer M/F/D/V.

ADA: The employer will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.

Date Posted

02/17/2023
