Senior Product Security Engineer (Remote)

Job Description

As a member of the global R&D organization, the Senior Product Security Engineer is responsible for creating and implementing cutting-edge security solutions and infrastructures that will ensure Bracco Medical Technologies (BMT) products are secure and resilient.

This role will provide opportunities to influence stakeholders as well as members of the core product development team in a professional manner, provide leadership of work streams and deliver results effectively while working cross-functionally with technical and other professional talent, from various facilities and from diverse technical and non-technical backgrounds.

Ongoing training and education would be offered on security domains and technologies for this position.

Bracco Medical Technologies is able to consider remote or hybrid working arrangements.

Primary Duties & Responsibilities:

• Partner with the product and software engineering teams to assist with design reviews, code reviews, threat modelling, penetration testing, security issues remediation, and other security related activities.
• Support developers of our business units in their SDLC and provide guidance regarding mitigations to emerging threats and remediation planning.
• Build security champions within product and R&D teams and to help mature their secure software development practices.
• Develop and leverage partnerships effectively with cross-functional teams including, R&D Quality, Manufacturing and Regulatory to achieve business results
• Develop security training and deliver to internal development teams and other stakeholders.
• Lead the evaluation of new security tools and technologies and build internal tools as needed.
• Lead security tools integration such as Static Code Analysis (SAST), Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST) tools.
• Other duties and responsibilities as required to support the changing security needs of the organization.

Required Skills

Minimum

• Where permitted by applicable law, must have received or be willing to receive the COVID-19 vaccine by date of hire to be considered for U.S.-based job, if not currently employed by ACIST Medical Systems
• Bachelor of Science in Computer Engineering, Computer Science, Software Engineering, Electrical Engineering, Computer Systems Engineering, or a related discipline.
• 5 years' experience in systems security administration control and/or software engineering experience or other related experience
• 3 years' experience in product security testing, security consultancy or equivalent.
• Have knowledge of industry standards and frameworks such as OWASP, NIST, SANS, MITRE ATT&CK, etc.
• Strong interpersonal and communication skills
• Strong technical writing and presentation skills
• Have experience and success in implementing effective Secure SDLC frameworks.
• Demonstrated problem-solving and leadership skills
• Demonstrated experience working with a multi-discipline, global team
• Excellent communication, influencing skills and ability to gain buy-in for initiatives

Preferred:

• Development experience in C#, C++ or Java preferred but not required
• Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) or Offensive Security Web Expert (OSWE) certification preferred but not required.
• Cloud security experience preferred
• Experience with embedded systems, firmware and IoT security
• Travel up to 10% domestic and international