Principal Product Security Engineer

Aquí es donde salvas y sostienes vidas

En Baxter, estamos profundamente conectados por nuestra misión. No importa tu rol en Baxter, tu trabajo tiene un impacto positivo en la gente alrededor del mundo. Sentirá un propósito en toda la organización, ya que sabemos que nuestro trabajo mejora los resultados para millones de pacientes.

Los productos y terapias de Baxter se encuentran en casi cada hospital del mundo, el clínicas y en los hogares. Por más de 85 años hemos sido pioneros en innovaciones médicas significativas que transforman el cuidado en salud.

Juntos creamos un lugar donde somos felices, exitosos y nos inspiramos mutuamente. Aquí es donde puedes hacer tu mejor trabajo.

Únete a nosotros en la intersección de salvar y sostener vidas-donde tu propósito acelera nuestra misión.

Your role at Baxter

This is where your expertise helps people.

You are a problem solver. Complex projects or unexpected challenges are just opportunities to bring your considerable abilities to use. Whether working independently or with a trusted team, you are always ready to tackle a project and work hard to find solutions. As a Principal Product Security Engineer, you will help drive cybersecurity requirements and technologies for existing and new products. You will work with teams through all phases of development to ensure our products meets the standards and privacy concerns of our customers and patients. You will monitor potential threats, analyze security risks, and collaborate to remediate findings. Staying current with modern technologies and findings will allow you to guide teams on mitigating emerging threats for new product development and product sustaining efforts.

Your team

As a Product Security Engineer, you will have the opportunity to lead by example, and enjoy mentoring and learning from others. Here, you are trusted to manage your own time and are given opportunities to grow your career as you wish. Here, you often have the flexibility to work independently. We provide opportunities for you to continue to learn through various training, conferences, certifications, and support for advanced degrees.

What you'll be doing

Create technical documentation around the security of a product including:

• Threat modeling and interface architecture,
• Data Protection Impact Assessment
• Product Security whitepapers
• Manufacturer Disclosure Statement for Medical Devices
• Software Bill of Materials
• Static code analysis reports
• Work collaboratively with the product development teams to establish information security requirements, plans, and policies.
• Establish governance around vulnerability management in products
• Assist in responses to and recovery from a security breach in conjunction with other team members and business units
• Use tools (Tenable Nessus, Fortify, Coverity, etc.)  to scan for and test possible product vulnerabilities
• Stay ahead of and advise about industry zero day discoveries and react to assess products
• Work collaboratively with product teams on annual SOC2 and HiTrust audits for products
• Investigate security breaches
• Participate in project planning and scoping of security related deliverables and activities.
• Assess 3rd party and off the shelf components for secure use.

What you'll bring

• Bachelor’s degree in Computer Science or a related field desired.
• 5+ years of secure software development life-cycle experience.
• Solid understanding of application security throughout the software life-cycle.
• Experience in addressing OWASP Top 10 vulnerabilities.
• Experience developing or analyzing secure coding practices with technologies such as ASP.Net (C#), SQL Server, HTML, C++.
• Strong technical writing skills.
• Familiarity with the privacy by design framework.
• Experience with Threat modeling methodologies like STRIDE, DREAD, LINDDUN, or PASTA.
• Experience performing security risk assessments and the ability to communicate impact of risk.
• Experience analyzing and documenting possible vulnerabilities found during development.
• Familiarity with industry standards and guidance such as IEC TR 80001, NIST 800-53, ISO IEC 27001 & 27002, etc.
• Expertise in designing secure networks, systems, and application architectures.
• Certification in security such as CAP, CSSLP, or equivalent desired but not required.
• Keen attention to detail, critical thinking and analytical abilities
• Proven interpersonal and communication (verbal, written, presentation) skills.

Baxter is committed to supporting the needs for flexibility in the workplace. We do so through our flexible workplace policy which includes a required minimum number of days a week onsite. This policy provides the benefits of connecting and collaborating in-person in support of our Mission. The flexible workplace policy is subject to local laws and legal requirements. At its discretion, Baxter may decide to adjust, suspend, or discontinue as business needs change.

We understand compensation is an important factor as you consider the next step in your career. At Baxter, we are committed to equitable pay for all employees, and we strive to be more transparent with our pay practices. The estimated base salary for this position is $104,000 to $143,000 annually. The estimated range is meant to reflect an anticipated salary range for the position. We may pay more or less than of the anticipated range based upon market data and other factors, all of which are subject to change. Individual pay is based on upon location, skills and expertise, experience, and other relevant factors. This position may also be eligible for discretionary bonuses. For questions about this, our pay philosophy, and available benefits, please speak to the recruiter if you decide to apply and are selected for an interview.

#LI-ASR2

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
                                                                                                                                                               
EEO is the Law 
EEO is the law - Poster Supplement 
Pay Transparency Policy

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.