Job Title: Sr. ProductSecurity Engineer / Embedded System Security Engineer
Location: Plymouth MN
Hybrid Position: 3 days in office / 2days remote
Whatyou will be doing:
* Workdirectly with embedded software developers in building a securityby design mindset by defining implementations and coding inlinewith the Application Security Program mandates
* Implement embedded secure code solutions design patternsand coding guidelines that meet security and privacy requirementsdefined in the security plans risk assessments policies andprocedures
* Support security project governancethrough scheduling activities planning andprioritization
* Proactively drive securitysolutions implementation inalignment with the development leadssecurity architects and product owner(s)
* Drivefeature implementations in line with the architecture via designscoding reviews and tests.
* Perform Proof ofConcept (POC) activities as necessary
* ReviewAnalyze and mitigate SAST DAST SCA and penetration test findings incollaboration with the developers for various electromechanicalmedical devices product lifecycles
* Reviewcurrent software security control measures and implement securityenhancements across multiple medical devices
* Participate in postmarket product analysis to supportvulnerability investigations as required as well as be engaged incontinuous security monitoring
What you will bring:
* Experienced security developer able tointerpret and guide software development teams on secure codingpractices and application security test report interpretation forvarious coding languages and operating environments
* Strong knowledge of secure software development lifecycleand practices including SAFe/ Agile methodologies for softwaredevelopment
* Understanding of security bydesign principles and architecture level securityconcepts
* Sound understanding and experience inimplementing security technologies/techniques such as CryptographicAlgorithms/Cipher Suites Public key Infrastructure (PKI)Hardware/embedded authentication protocols Secure Boot anddataatrest encryption methods
* Experienceimplementing OWASP Top10 application security guidelines inembedded systems
* Knowledge of embedded systemarchitecture and security controls (e.g. firewall and border routerconfigurations wireless communication architectures messagingauthentication protocols
* Experienced ingenerating defining and reviewing penetration test results throughknowledge standard methodologies and tools including environmentalconfiguration definition security analysis threat modeling andsystem security audits
* Knowledge of currentand emerging security threats and techniques for exploitingsecurity vulnerabilities
* Exposure tointernational privacy requirements & crossindustrytrends
Qualifications andSkills:
* Bachelors degreein Computer Science Computer Engineering a related field orequivalent demonstrated experience and knowledge
* Minimum 8 years of experience in software development orrelated fields.
* Minimum 5 years technicalexperience working with product security design/development forembedded systems
* 3 years working with each ofthe following:
* Experience with C/C PythonLinux and/or security design within realtime operatingsystems.
* Experience analyzing interpreting andmitigating security findings from multiple sources including SASTDAST SCA and penetration tests.
* Embedded dataat rest security implementations including Code Signing Secure bootand flash encryption implementations.
* Embedded/IoT wired and wireless secure networkingimplementations within multiple layers of the OSI stack
* IoT/Embedded PKI solutions and implementation.