Software Product Security Engineer

Posted:
4/16/2025, 2:02:39 PM

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security ⋅ Software Engineering

Orion Innovation is a premier, award-winning, global business and technology services firm. Orion delivers game-changing business transformation and product development rooted in digital strategy, experience design, and engineering, with a unique combination of agility, scale, and maturity. We work with a wide range of clients across many industries including financial services, professional services, telecommunications and media, consumer products, automotive, industrial automation, professional sports and entertainment, life sciences, ecommerce, and education.

Summary: 

This role involves collaborating with Software Engineering and Infosec teams to ensure the security of software products throughout their lifecycle. Responsibilities include identifying, triaging, and mitigating vulnerabilities, promoting security best practices, and supporting secure software development processes.

Key Responsibilities:

  • Define and refine security requirements in collaboration with development, regulatory, and information security teams.
  • Enhance software development security processes and evangelize security best practices.
  • Conduct security reviews of products and features, including risk assessments and threat modeling.
  • Implement security in CI/CD pipelines and build automation.
  • Automate security testing and compliance checks.
  • Implement and manage security controls for software products (e.g., access control, encryption).
  • Develop, deploy, and support security tooling (e.g., vulnerability scanning, SIEM systems).
  • Utilize existing security tools and frameworks where possible.

Qualifications:

  • MS degree in computer science, cybersecurity, or equivalent experience.
  • 10+ years of software development or security engineering experience, ideally with complex data or process management applications.
  • 5+ years of experience in Java and another high-level language (Python, C++, Go).
  • 5+ years of experience in cloud and infrastructure security.
  • Excellent communication skills.
  • Commitment to security and privacy best practices.
  • Background in Secure Software Development Lifecycle (SSDLC).

Knowledge, Skills, and Abilities:

  • Experience in the healthcare industry and handling sensitive data.
  • Familiarity with regulatory compliance (FDA PMA, IVDR, GDPR, HIPAA).
  • Proficiency in vulnerability scanning and tools.
  • Expertise in cloud security best practices.
  • Strong Java programming skills.
  • Experience with CI/CD security integration.
  • Knowledge of REST API and web service security.
  • Understanding of relational database and SQL security practices.

Nice to Have:

  • Security certifications (CISSP, CEH/OSCP).
  • Cloud pipeline orchestration (WDL, Nextflow).

Orion is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, citizenship status, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

Candidate Privacy Policy

Orion Systems Integrators, LLC and its subsidiaries and its affiliates (collectively, “Orion,” “we” or “us”) are committed to protecting your privacy. This Candidate Privacy Policy (orioninc.com) (“Notice”) explains:

  • What information we collect during our application and recruitment process and why we collect it;
  • How we handle that information; and
  • How to access and update that information.

Your use of Orion services is governed by any applicable terms in this notice and our general Privacy Policy.