Senior Product Security Engineer, Cloud (Remote)

This is where you save and sustain lives

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You'll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.

Baxter's products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.

Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.

Join us at the intersection of saving and sustaining lives- where your purpose accelerates our mission.

As the Sr. Product Security Engineer you will be designing, building, testing and implementing systems with the primary goal of product security across Baxter's software as a medical device product portfolio in various operating environments. Prevention of breach of Intellectual Property (IP), Attack surface minimization, preventive security and privacy controls, incident/vulnerability management are some of the focal areas for this position.

This role requires deep knowledge of security by design, web-based secure code principles, and web application development including microservice security and system hardening in cloud environments. Candidates should have experience in web-application or cloud software development with a desire to secure products, thus protecting our customers and patients who use our products each day. Success in this role requires interest in building a security mindset through experience with the latest security standards, systems, protocols, and products.

Essential Responsibilities

• Work directly with software developers in building a security by design mindset by defining implementations and coding inline with the Application Security Program mandates
• Implement secure code solutions, design patterns, and code guidelines that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures
• Work with development leads, security architects and product owners to implement security solutions meeting architectural and functional requirements
• Support security project governance through scheduling activities, planning and prioritization
• Implement security features in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities to demonstrate technical feasibility
• Review, Analyze and mitigate SAST, DAST, SCA, and penetration test results in collaboration with the developers for various non-medical and software as medical devices (SaMD) product lifecycles
• Support the review and improvement of current software security control measures across multiple medical devices
• Contribute to post-market product analysis supporting vulnerability investigations as required as well as be engaged in continuous security monitoring

Desired Technical skills / experience:

• Cloud-based application developer able to interpret and implement secure coding practices including application security test report interpretation for various coding languages and multiple cloud services
• Awareness of secure software development lifecycle and practices including SAFe/ Agile methodologies for software development
• Awareness of security by design principles and architecture level security concepts
• Experienced in interfacing with security technologies/techniques like Cryptographic Algorithms/Cipher Suites, Public key Infrastructure (PKI)), network security protocols, OAuth, 2-factor authentication, data at rest encryption standards, and experience implementing controls for OWASP Top10 application security guidelines for cloud-based web applications
• Experience with cloud-based design and services (e.g. network security, instance hardening, identify and access control, cloud environment configuration)
• Experienced in reviewing penetration test results and defining mitigations for potential vulnerabilities

Qualifications and Skills

• Bachelor's degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
• Minimum 3+ years of experience in software development or related fields.
• Minimum 2 + years technical experience implementing product security requirements in cloud/hosted server environment
• 1+ years of software development experience using web/application software technologies such as C/C++, Java, .Net, python, etc.

#LI-MS1

#IND-USGBRD

The successful candidate for this job may be required to verify that he or she has been vaccinated against COVID-19, subject to reasonable accommodations for individuals with medical conditions or religious beliefs that prevent vaccination, and in accordance with applicable law.

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

EEO is the Law
EEO is the law - Poster Supplement
Pay Transparency Policy

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.