Principal Product Security Engineer, Cloud (Remote)

Company

Baxter International Inc.

Location

Remote

Type

Full Time

Job Description

This is where you save and sustain lives

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You'll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.

Baxter's products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.

Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.

Join us at the intersection of saving and sustaining lives, where your purpose accelerates our mission.

As the Principal Product Security Engineer, you will be responsible for designing, building, testing and implementing systems with the primary goal of product security across Baxter's software within the medical device product portfolio in various operating environments. Prevention of intellectual property (IP) breaches, attack surface minimization, preventive security and privacy controls, and incident/vulnerability management are some of the focal areas for this position.

This role requires deep knowledge of security by design, web-based secure code principles, and web application development, including microservice security and system hardening in cloud environments. Candidates should have experience in web-application development or cloud software development, with a desire to secure products and protect the customers and patients who use our products each day. Success in this role requires a strong understanding of, and interest in, the latest security standards, systems, protocols, and products.

Essential Responsibilities
  • Work directly with software developers in building a security by design mindset by defining implementations and coding in line with the Application Security Program mandates
  • Implement secure code solutions, design patterns, and code guidelines that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures
  • Support security project governance through scheduling activities, planning and prioritization
  • Proactively drive security solutions implementation in alignment with the development leads, security architects and product owner(s)
  • Drive feature implementations in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary
  • Review, analyze and mitigate SAST, DAST, SCA, and penetration test results in collaboration with the developers for various non-medical and software as a medical device (SaMD) product lifecycles
  • Review current software security control measures and implement security enhancements for multiple cloud-based products
  • Participate in post-market product analysis to support vulnerability investigations as required as well as be engaged in continuous security monitoring


Desired Technical skills / experience:
  • Experienced security developer able to interpret and guide software development teams on secure coding practices and application security test report interpretation for various coding languages and multiple cloud services
  • Strong knowledge of secure software development lifecycle and practices including SAFe/Agile methodologies for software development
  • Understanding of security by design principles and architecture level security concepts
  • Sound understanding and experience in implementing security technologies/techniques like cryptographic algorithms/cipher suites, Public Key Infrastructure (PKI), network security protocols, OAuth, 2-factor authentication, and data at rest encryption standards
  • Experience implementing OWASP Top 10 application security guidelines in cloud-based web applications
  • Experience with cloud-based design and security controls (e.g. network security, instance hardening, identity and access control, cloud environment configuration best practices)
  • Experienced in generating, defining, and reviewing penetration test results through knowledge of standard methodologies and tools including environmental configuration definition, security analysis, threat modeling, and system security audits
  • Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
  • Exposure to international privacy requirements & cross-industry trends


This position can be located remotely within the US, except for Colorado.

Qualifications and Skills
  • Bachelor's degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
  • Minimum 5+ years of experience in software development or related fields.
  • Minimum 3 years technical experience implementing product security requirements in cloud/hosted server environment
  • 2 years working with each of the following:
    • Software development experience using web/application software technologies such as C/C++, Java, .NET, Python, etc.
    • Experience analyzing, interpreting, and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests.
    • AWS network security controls


The successful candidate for this job may be required to verify that he or she has been vaccinated against COVID-19, subject to reasonable accommodations for individuals with medical conditions or religious beliefs that prevent vaccination, and in accordance with applicable law.

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.


Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.

Date Posted

11/07/2022
