Product Security Engineer

Victor, NY, United States

CooperCompanies

CooperCompanies is a global, consumer-centric medical device company that supports how people want to live, at every stage of life. By listening closely to


CooperVision, a division of CooperCompanies (NASDAQ:COO), is one of the world’s leading manufacturers of soft contact lenses. The Company produces a full array of daily disposable, two-week and monthly contact lenses, all featuring advanced materials and optics. CooperVision has a strong heritage of solving the toughest vision challenges such as astigmatism, presbyopia and childhood myopia; and offers the most complete collection of spherical, toric and multifocal products available. Through a combination of innovative products and focused practitioner support, the company brings a refreshing perspective to the marketplace, creating real advantages for customers and wearers. For more information, visit www.coopervision.com.

Job Summary:

Responsibilities include oversight of third-party development, technical partnerships and the product integration ecosystem. Individuals in this role possess a wide range of cybersecurity and software engineering technical acumen, the ability to think like an attacker and exceptional communication skills. When security issues are discovered, the product security engineer proactively communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation. The product security engineer constantly assesses products for weaknesses and recommends ways to mitigate them before they are exploited. An individual with a diverse IT background, the product security engineer is expected to adapt to continuous integration and continuous delivery (CI/CD) pipelines to ensure products meet business objectives.

  • Lead continuous product and application security reviews.
  • Perform application security testing using SAST, DAST, IAST and RASP tools.
  • Combine automated and manual product and application testing methods.
  • Engage with internal and external teams performing vulnerability and penetration testing.
  • Document security findings, outline remediation options and oversee mitigation.
  • Focus on automation to aid in efficiencies with both testing and remediation of findings.
  • Collaborate with developers and product managers for continuous security validation.
  • Recommend controls where there are security gaps and track through to implementation and validation.
  • Regularly monitor the threat landscape and assess the potential impact to products.
  • Attend and participate in product meetings addressing security requirements for new and existing products.
  • Serve as the primary management point of contact for product cybersecurity requirements, initiatives and escalations.
  • Evaluate the existing product ecosystem and propose product changes to security leadership and engineering.
  • Leverage security standards and implementation configurations, as well as common security frameworks.
  • Uphold software bills of materials across products.
  • Attend internal and external education and training sessions, with a focus on product security principles.
  • Possess a general understanding of bug bounty programs and their management.
  • Align with architects and development teams for a mission of secure design.
  • Actively participate in security team meetings that facilitate secure product design.
  • Possess general knowledge of product security that meets compliance, privacy laws and regulatory requirements.
  • Focus on security process efficiencies, prioritizing advanced tasks to keep pace with product demand.
  • Collaborate with team members and align with security, audit and risk management leadership.
  • Perform other duties as assigned.

 

Travel Requirements: 5%

 

Knowledge, Skills and Abilities:

  • Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
  • Experience with SAST, DAST, IAST and RASP.
  • Experience with public cloud providers (AWS, Azure, GCP).
  • Experience with container security, such as Docker and Kubernetes.
  • Knowledge of CI/CD platforms, such as Jenkins, Atlassian, and Azure DevOps.
  • Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
  • Proficiency in software development (C/C++, Java, Python, Golang, etc.).
  • Experience with security requirements for APIs.
  • Familiarity with modern frameworks and programming practices.
  • Expertise in version control systems such as Git.
  • Familiarity with medical device regulations (e.g., IEC 62304) preferred.

Work Environment:

  • Typical office environment
  • Prolonged sitting in front of a computer

Experience:

  • Seven-plus years’ experience in cybersecurity with a product and application security engineering background.

Education:

  • Bachelor’s degree preferred in information assurance, computer science, engineering or related field.
  • Preferably one or more SANS certifications (GWAPT, GWEB, GCSA), CISSP, CSSLP.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

For U.S. locations that require disclosure of compensation, the starting base pay for this role is between $115,012.00 and $153,349.00 per year and may include cost of living adjustments. The actual base pay includes many factors and is subject to change and modification in the future. This position may also be eligible for other types of compensation and benefits.


Tags: APIs Application security Automation AWS Azure C CI/CD CISSP Cloud Compliance Computer Science CSSLP DAST DevOps Docker Exploits GCP Golang GWAPT IAST Java Jenkins Kubernetes Pentesting Privacy Product security Python Risk management SANS SAST

Region: North America
Country: United States
