21 days ago
The Lead Product Security Engineer will be responsible for implementation of enterprise Product Security strategy and framework for the Robotic Platform. This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to management, identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting R&D throughout a new product's development phases, review product security requirements and recommend security design solutions, ensure the team completes Quality documentation, threat modelling, penetration testing, software architecture review and design recommendations, code analysis and other security testing or work as needed.
May require up to 25% travel. (Remote but must be OK with traveling if needed to.)
Additionally, post market responsibilities for surgical robotic platform marketed devices include monitoring for new vulnerabilities, leading the product security teams with patching and remediation plans, as well as responding to all customer security questionnaires and reviewing security language within contractual agreements.
- Help drive adherence to Product Security's overarching framework
- Partner with internal organizations to enhance existing processes and policies
- Champion Product Security strategy and objectives across the Robotic Platform
- Perform automated code scanning and coordinate formal security testing
- Respond to alerts and adverse events and assist in remediation as needed.
- Perform regular reviews and analysis of security reports and issues, propose solutions where appropriate and lead their remediation.
- Support ongoing SOC-2, HIPAA and other internal and external assessments and certifications.
- Respond to customer cybersecurity questionnaires for all post-market medical devices.
- Other MedTech cybersecurity related duties as needed
- Bachelor's degree or equivalent
- 3+years IT or cybersecurity experience
- Understanding of penetration testing, vulnerability scanning, CVSS and/or other general security testing principles
- Ability to provide secure coding recommendations
- Knowledge in at least one coding language (i.e. C/C++, C#, Python) with code review experience
- Ability to work autonomously and proactively seek out security opportunities within the different surgical robotics teams
- Knowledge of traditional and real-time operating systems (i.e. QNX, Windows Embedded) hardening techniques
- Ability to translate technical security requirements into solutions
- Creative problem-solving skills
- Customer focus (internal & external)
- Excellent communication and collaboration skills
- Experience leading or participating in formal security audits (i.e. HITRUST, SOC2, FedRAMP)
- Security certification like CISSP/ AWS Security Specialist/ CEH or CSSLP a strong plus.
- Hands-on experience with software security tools and platforms like Checkmarx, Black Duck, Jfrog Xray, etc.
- Hands-on experience with vulnerability assessment tools Qualys, Nexpose, etc.
- Knowledge of product or medical device security or MDDS platforms.
- Working knowledge of microservices architecture and API security.
- Experience working within Agile methodology.
- Understanding of Quality Design Control processes and FDA submission processes.
- Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques
- Software development experience
Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian's platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.
Dexian's brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit https://dexian.com/ to learn more.
Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.