Job Information
TEKsystems Sr. Product Security Engineer in Lake Forest, California
Description:
Senior Product Security Engineer
JOB PURPOSE
• Plan, implement, upgrade, or monitor security measures for the protection of the company's SaMD networks and sensitive patient health information/personal information that is residing in those networks.
• Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies.
• Build strong collaboration with cross-functional stakeholders and teams across the product development lifecycle.
• Build, deploy, and manage security tools and services in SaMD
• Design and implement scalable processes to provision cloud access for their SaMD
• Evaluate and respond to alerts and events from security tools
• Develop event response documentation and processes, including diagrams for system environments, cloud operations, and security tools
• Collaborate with security leadership, engineering, and compliance to execute security strategies
• Assist other teams in solving security issues in a manner that complies with business requirements and best practices
JOB FUNCTIONS
Essential Functions
Duties are listed in order of greatest importance. Other responsibilities may be assigned.
Perform Product Security Process for all the Internal Software as a Medical Device (SaMD) products.
Perform risk analysis of in development products; document and score findings, work with development teams to prioritize and reduce overall risks.
Create SBOM's from tools and scripts and communicate results and remediation to development teams.
Implement security improvements by assessing current architecture design, evaluating design trade off and proposing security solutions and requirements.
Prepare software for SAST, DAST, and fuzzing scans; review, document results, provide security fixes for software considerations.
Safeguard information system assets by identifying and solving potential and actual security problems.
Perform or support penetration tests which includes creating or reviewing security pentesting reports.
Review security updates for possible negative affects against internal SaMD products and monitor for new vulnerabilities.
QUALIFICATIONS
Minimum Requirement
BS of Computer Science or other related discipline with 7 years of relevant experience.
.NET development, C#, Scripting for Microsoft development environment, such as PowerShell, (C++ is a plus)
Solid understanding of Window OS services, processes, driver and registry configurations and analysis techniques
Experience with Windows and Linux cybersecurity configurations.
Experience with the following types of tools: SAST, DAST, SBOM, network forensics tools, fuzzing, standard penetration test tools.
Knowledge of networking and cybersecurity concepts.
Experience with Microsoft Visual Studios, ADO, or other integrated development environment (IDE) tool is a plus.
Ability to work independently, proactively identify issues, recommend and implement solutions and deliver quality results on schedule while managing multiple tasks and internal customers.
Understanding of Software Development Lifecycle Management (SDLC) – (Agile/Scrum, iterative)
Good interpersonal & Communication skills to build positive departmental and inter-departmental relationships in a virtual, remote, and asynchronous environment.
Knowledge, Skills and Abilities
Personal Effectiveness Competencies:
• Project Excellence - Fundamental
• Continuous Learning - Intermediate
• Digital and Technology Savvy - Intermediate
• Operational Excellence - Intermediate
• Breakthrough Analysis - Intermediate
• Organizational Savvy - Intermediate
Skills and Knowledge:
• STEM – Science, Technology, Engineering and Math
• Technical Development Methodology for Medical Devices (21 CFR 820.30, ISO 13485)
• Systems Engineering or Risk Management for Medical Device (ISO 14971)
• Medical Device Software – Software Life Cycle Processes (IEC 62304)
• Regulations and Guidelines associated with software development.
• Excellent verbal English communication skill (in a remote environment)
• Microsoft Office suite (i.e., Word, Excel, Visio)
Experiences
• Cross Functional collaboration - Primary
• New Product Innovation - Secondary
• Accountability - Primary
• Influencing without Authority - Primary
• Managing Crisis – Secondary
• Functional Breadth - Secondary
Skills:
Security, Information security, Cyber security, Cloud, Security architecture, Siem, AWS, Vulnerability management, Incident response
Top Skills Details:
Security,Information security,Cyber security,Cloud,Security architecture,Siem,AWS,Vulnerability management,Incident response
Experience Level:
Expert Level
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.