Principal Product Security Engineer (Hybrid)

This is where you save and sustain lives

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You'll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.

Baxter's products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.

Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.

Join us at the intersection of saving and sustaining lives- where your purpose accelerates our mission.

Your role at Baxter

This is where your expertise helps people.

You are a problem solver. Complex projects or unexpected challenges are just opportunities to bring your considerable abilities to use. Whether working independently or with a trusted team, you are always ready to tackle a project and work hard to find solutions. As a Principal Product Security Engineer, you will help drive cybersecurity requirements and technologies for existing and new products. You will work with teams through all phases of development to ensure our products meet the standards and privacy concerns of our customers and patients. You will monitor potential threats, analyze security risks, and collaborate to remediate findings. Staying current with modern technologies and findings will allow you to guide teams on mitigating emerging threats for new product development and product sustaining efforts.

Your team

As a Product Security Engineer, you will have the opportunity to lead by example, and enjoy mentoring and learning from others. Here, you are trusted to manage your own time and are given opportunities to grow your career as you wish. Here, you often have the flexibility to work independently. We provide opportunities for you to continue to learn through various training, conferences, certifications, and support for advanced degrees.

What you'll be doing

• Create technical documentation around the security of a product including:
• Threat modeling and interface architecture,
• Data Protection Impact Assessment
• Product Security whitepapers
• Manufacturer Disclosure Statement for Medical Devices
• Software Bill of Materials
• Static code analysis reports
• Work collaboratively with the product development teams to establish information security requirements, plans, and policies.
• Establish governance around vulnerability management in products.
• Assist in responses to and recovery from a security breach in conjunction with other team members and business units.
• Use tools (Tenable Nessus, Fortify, Coverity, etc.) to scan for and test possible product vulnerabilities.
• Stay ahead of and advise about industry zero day discoveries and react to assess products.
• Work collaboratively with product teams on annual SOC2 and HiTrust audits for products.
• Investigate security breaches.
• Participate in project planning and scoping of security related deliverables and activities.
• Assess 3rd party and off the shelf components for secure use.

What you'll bring

• Bachelor's degree in Computer Science or a related field desired.
• 5+ years of secure software development life-cycle experience.
• Solid understanding of application security throughout the software life-cycle.
• Experience in addressing OWASP Top 10 vulnerabilities.
• Experience developing or analyzing secure coding practices with technologies such as ASP.Net (C#), SQL Server, HTML, C++.
• Strong technical writing skills.
• Familiarity with the privacy by design framework.
• Experience with Threat modeling methodologies like STRIDE, DREAD, LINDDUN, or PASTA.
• Experience performing security risk assessments and the ability to communicate impact of risk.
• Experience analyzing and documenting possible vulnerabilities found during development.
• Familiarity with industry standards and guidance such as IEC TR 80001, NIST 800-53, ISO IEC 27001 & 27002, etc.
• Expertise in designing secure networks, systems, and application architectures.
• Certification in security such as CAP, CSSLP, or equivalent desired but not required.
• Keen attention to detail, critical thinking and analytical abilities.
• Proven interpersonal and communication (verbal, written, presentation) skills.