Sr Associate, Product Security Engineer
Bangalore - AGS, India
Alcon
Our mission is to provide innovative vision products that enhance quality of life by helping people see better. From vision research to eye health, learn more at Alcon.com.

- Support threat intelligence solutions and prioritization of vulnerabilities for remediation
- Develop capabilities through gap analysis, process enhancements, and automation tool integration across product lifecycle
- Evaluate and propose remediation strategies based on software tool analysis findings
- Establish effective collaboration with cross-functional teams throughout product development
- Assist in risk analysis, security gap assessment, and recommendation of cutting-edge solutions
- Facilitate creation of comprehensive security process documentation for leadership and stakeholders
- Deliver intelligence insights for security patch management of operating systems and third-party software
- Collaborate with development teams to craft solutions for existing security challenges
- Liaise with stakeholders regarding identified vulnerabilities and proposed remediation approaches
- Assist with incident response processes and PSIRT activities when addressing identified security events
- Deliver support for penetration testing activities and resulting reports
- Partner closely with the Threat Intelligence Manager and support personnel to advance product security initiatives and deliverables
- Execute/support annual risk assessments of market-deployed products; document and quantify findings, relay results to development teams
- Facilitate annual penetration tests as assigned, develop or assess final reports
- Master SBOM generation using various tools and scripts; become an authority in utilizing and analyzing results
- Assess security updates for potential impacts on market-deployed products and track emerging vulnerabilities
- Compose and/or evaluate patching and update communications for customers and coordinate distribution
- Ready software for SAST, DAST, and fuzzing evaluations; analyze and document results, formulate remediation strategies
- Deploy image hardening protocols including implementation of DISA STIGs
- Compile product risk summaries for semi-annual stakeholder reporting
- Engage with external vendors, develop/modify/communicate host module requirements, and ensure vendor accountability for deliverables
Bachelor's degree in Computer Science or related field; or 4 years of equivalent professional experience
Proficiency in Microsoft development environment scripting, particularly PowerShell
Knowledge of Windows OS services, processes, driver configurations, registry settings, and analysis methodologies
Understanding of Windows and Linux cybersecurity configurations
Experience with security tools including SAST, DAST, SBOM, network forensics tools, fuzzing, and standard penetration testing applications
Networking expertise
Familiarity with Microsoft Visual Studio, ADO, or comparable integrated development environments (IDEs)
Capacity to follow instructions, identify challenges, recommend solutions, and deliver high-quality results on schedule
Understanding of Software Development Lifecycle Management (SDLC) methodologies (Agile/Scrum, iterative)
Strong interpersonal and communication abilities to cultivate positive relationships across departments in virtual, remote, and asynchronous work environments
Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital status, disability, or any other reason.
Tags: Agile Automation Computer Science DAST DISA Forensics Incident response Linux Pentesting PowerShell Product security PSIRT Risk analysis Risk assessment SAST SBOM Scripting Scrum SDLC STIGs Threat intelligence Vulnerabilities Windows
Perks/benefits: Career development