Salary Not Disclosed
1 Vacancy
As part of the Imaging System Software Platform team, the PSR is the cybersecurity focal point for secure product development and maintenance of released product. The PSR is an experienced member of the product engineering team with influence to drive product privacy and cybersecurity features and enhancements. The PSR must have deep product knowledge, including the clinical functionality, expected operating environment, and interoperability, to accurately determine a product's privacy and security risks.
Roles and Responsibilities
In this role you will:
Provide privacy and security technical expertise in support of the product team throughout product development, design change, and lifecycle management.
Work with the Product Security Leader (PSL) to support the product team with process expertise for the Product Cybersecurity Standard and lifecycle management.
Product cybersecurity development responsibilities:
o Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.
o Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.
o Assess product components and SBoM integrated into the product.
o Perform defect management for cybersecurity issues.
o Identify operational responsibilities and adherence to cloud standards for cloud-based products.
o Responsible for Product and Security Manual and MDS2 documentation.
In coordination with the PSL, own and deliver Product Cybersecurity Standard artifacts, which include:
o Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.
o Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modelling, attack surface analysis, risk management, and reduction.
o Coordinate with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.
o Lead product Security Technical Design Reviews.
o Along with the product LSD (Lead System Designer), responsible for Product Cybersecurity Standard compliance and other pertinent standards and processes.
The released products shall comply with the required regulatory standards (like FDA, HIPAA, GDPR, etc.).
Work with the Product Security team and QARA (Quality Assurance & Regulatory Assurance) on the released product life cycle, including:
o Participate in post-market product vulnerability monitoring.
o Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.
o Responsible for product vulnerability mitigation and design change.
o Responsible for vulnerability tool update to ensure accurate customer communication.
Address customer and Sales RFP privacy and security feedback/questions.
Provide technical expertise on customer concerns, complaints, and CSO escalations.
Create/Maintain responsible product records within product cybersecurity tools.
Education Qualification:
Bachelor's Degree in Computer Science or STEM Majors (Science, Technology, Engineering, and Maths)
Required Characteristics:
7 years full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, whitebox secure code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)
Experience working in a product sector environment.
Globally recognized Cyber Security Certifications (Advanced/Expert Level).
Sound understanding of security technologies/techniques like Cryptography Algorithms, Public Key Infrastructure (PKI), Certificate Authority (CA), Hardware/embedded authentication, OAuth, 2-factor authentication, whitebox code analysis.
Information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, whitebox code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)
Experience with a range of security tools related to SAST (Static Application Security Assessment), DAST (Dynamic Application Security Assessment), Vulnerability Management, SCA (Software Composition Analysis), Penetration Testing, Threat Modelling Tool, etc.
The PSR shall be capable of not only finding risks/issues but shall also suggest the best route to remediation, knowing the compensatory controls, and guide the product team to closure.
Firm knowledge of OWASP, CVSS, FIPS 140-2/140-3, and DoD RMF.
Good To Have Skills:
Experience in Micro Services using RESTful frameworks.
Experience in Healthcare domain.
Penetration Testing in Web Application, Thick Client, Mobile Application, REST/SOAP
Infrastructure Penetration Testing
Experience in Red Teaming Activities (add-on)
Recognition for CVE or Wall of Fame through Bug Bounty (add-on)
Full Time