Hiring.fm
BAXTER

Product Security Engineer

Mississauga, Ontario Full time

This is where your work makes a difference.

At Baxter, we believe every person—regardless of who they are or where they are from—deserves a chance to live a healthy life. It was our founding belief in 1931 and continues to be our guiding principle. We are redefining healthcare delivery to make a greater impact today, tomorrow, and beyond.

Our Baxter colleagues are united by our Mission to Save and Sustain Lives. Together, our community is driven by a culture of courage, trust, and collaboration. Every individual is empowered to take ownership and make a meaningful impact. We strive for efficient and effective operations, and we hold each other accountable for delivering exceptional results.

Here, you will find more than just a job—you will find purpose and pride. 

As a Product Security Engineer, you will participate in cybersecurity design and analysis of digital platforms. Develop and demonstrate subject matter expert knowledge in state-of-the-art security principles.  Contribute to resolving difficult problems, from conception to final design with team input. Support planning, leading, and delivering project assignments in the evaluation, selection and adaptation of various cybersecurity engineering techniques, procedures, and criteria with minimal guidance and mentoring.

Contributes to a cybersecurity vision that aligns with the organization's vision and strategic plan. Utilizes solid understanding of device and system connectivity concepts in a medical device domain. Provides assistance to technical team members that are accountable for implementing cybersecurity, integration, and connectivity deliverables. Exhibits creativity and innovation in completing divisional and cross-functional/business unit goals and objectives.

What you'll be doing

Create/support technical documentation around the security of a product including:

    • Threat modeling and interface architecture

    • Data Protection Impact Assessment

    • Product Security whitepapers

    • Manufacturer Disclosure Statement for Medical Devices

    • Software Bill of Materials

    • Static code analysis reports

    • Work collaboratively with the product development teams to establish information security requirements, plans, and policies.

    • Ensure compliance to the product development process and Quality System and Design Control requirements.

    • Establish governance around vulnerability management in products

    • Assist in responses to and recovery from a security breach in conjunction with other team members and business units

    • Use tools (Tenable Nessus, Fortify, Coverity, etc.)  to scan for and test possible product vulnerabilities

    • Stay ahead of and advise about industry zero day discoveries and react to assess products

    • Work collaboratively with product teams on annual SOC2 and HiTrust audits for products

    • Investigate security breaches

    • Participate in project planning and scoping of security related deliverables and activities.

What you'll bring

    • BS in computer science, engineering, mathematics, information management, or related field.

    • Understanding of secure software development life-cycle.

    • Understanding of application security throughout the software life-cycle.

    • Familiarity in OWASP Top 10 vulnerabilities.

    • Understanding of threat modeling, penetration testing, fuzz testing, vulnerability scanning, secure code analysis.

    • Understanding of threat modeling methodologies like STRIDE, DREAD, LINDDUN, or PASTA.

    • Understanding of cybersecurity related software such as Blackduck, Coverity, etc.

    • Understanding of threat intelligence, CWEs and CVEs.

    • Understanding of security risk assessments and the ability to communicate impact of risk.

    • Familiarity with cybersecurity related organizations and certifications such as UL (UL-2900), ICS-CERT, FIPS 140, etc.

    • Understanding of cybersecurity functionality on cloud platforms and hosted software applications.

    • Requires strong organization and communication skills, with the ability to interface with both technical and non-technical personnel.

    • Must be able to provide solutions that reflect understanding business objectives.

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.