Title: Staff Engineer (Product Security)
Location: 2350 Qume Drive, San Jose, California, USA 95131-1807
Duration: 12+ Months Contract
Staff Engineer – Product Security
Prefer candidates local to position.
As a member of the product security team, the Staff Engineer – Product Security will be responsible for working with software development teams to assess potential security vulnerabilities using recognized security standards and provide recommendations on resolving them. They must also have knowledge of operating systems as well as techniques and standards for security hardening (NIST SP 800-53, ISO/IEC 27001, OWASP, etc.). Potential candidates must be able to apply technical expertise and diagnostic skill to the evaluation of security vulnerabilities in combination with experience in security risk management to develop maintainable technical solutions. A successful candidate will thrive on working with other software engineers in a dynamic and collaborative development environment where meeting project goals and delivering quality is key.
• Lead product security risk assessments, hazard analysis, and provide vulnerability remediation guidance to product development software engineers.
• Implement software and OS security solutions in accordance with industry accepted standards for medical devices including: encryption, recovery, authentication, audit logging, hardening measures, patch management, vulnerability monitoring, and antivirus/antimalware.
• Develop and administer software engineering procedures and training for vulnerability scanning and static code analysis tools.
• Support systems for automated testing of software vulnerabilities and verification of OS security patches.
• Assist product development teams in creating security documentation including Incident and Vulnerability Management Plans and Product Security White Papers.
• Participate on product security incident response teams as appropriate.
• Participate in technical design reviews and code inspections and provide clear, actionable feedback for project team members, including demonstrating proper coding practices.
• Work with the project teams to develop necessary requirements, specifications and testing scope for OS configuration and patch verification for products.
• Ensure quality in security test deliverables, including design, data summary and interpretation, report and document preparation and review for adherence to applicable regulations.
• Minimum of a Bachelor’s Degree in Electrical Engineering, Computer Science or related engineering field.
• Minimum of 4 years of experience in software development.
• Minimum of 3 years of experience in product development within a quality management system.
• Minimum of 2 year of experience in secure coding practices.
• Experience with use and reporting from static code analysis and vulnerability scanning tools.
• Demonstrated positive work ethic with a strong commitment to achieving project goals.
• Excellent written and oral communication skills are essential.
• Experience with the Agile / Scrum development lifecycle.
• 2 years of experience with Agile / Scrum development lifecycle.
• 2 years of experience in medical devices / regulated environment.
• Knowledge of information security standards for product development.
• Experience with cybersecurity risk assessment and threat modeling.
• Knowledge of Windows OS configuration (ex. security, group policies, remote access).
• Experience with Database access management and security policies.