Software Security Engineer

POSITION:          Software Security Engineer

POSTING:           67679 (JNJNJP00067679)

LOCATION:         Client Location, Raynham MA (Boston MA and Palm Beach Gardens FL are alternative sites)

COMPENSATION:  The hourly rate is a maximum range of $58.00 to $62.00. This will annualize to an approximate range of $116,000 to  $124,000 based on 40 hour work weeks and 50 of 52 working weeks per year.  OT is payable at 1.5X base rate and will add to the overall compensation based on actual hours worked.  

JOB DESCRIPTION/EXPERIENCE:  Software Security EngineerThe Product Security and Services team within this global Medical Device client’s Information Security & Risk Management (ISRM) Department is recruiting for a full-time Software Security Engineer to join the ISRM Product Security-DPS team to provide support the client’s medical device (orthopedic) portfolio, with preference for US office locations in Palm Beach Gardens, FL, Boston, MA and/or Raynham, MA.

Position Summary

The Software Security Engineer will be responsible for implementation of Enterprise Product Security Strategies and Framework throughout he Medical Device portfolio. This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to senior management, identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting DPS R&D throughout a new product’s development phases, review product security requirements and recommend security design solutions, help complete Quality documentation, threat modelling, penetration testing, software architecture review and design recommendations, code analysis and other security testing or work as needed. Additionally, post market responsibilities for DPS marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, as well as responding to all customer security questionnaires and reviewing security language within contractual agreements.

Major Duties & Responsibilities

Support Global Product Security’s framework:

• Help drive Product Security strategy and goals within DPS
• Partner with internal organizations to improve existing processes and policies
• Create and present Product Security metrics to senior management
• Help carry out Product Security governance model for pre and post market devices
• Create remediation plans and assist the DPS engineering team with remediation
• Respond to customer questionnaires and contractual language
• Perform other work-related duties as assigned.

Qualifications
Minimum of a Bachelor’s degree is required, MS and/or advanced degree is preferred.  A minimum of 6 years of experience in security and/or embedded software engineering functions is required.  Knowledge of product or medical device security is preferred and experience working with cloud based IoT management solutions is preferred.  Understanding of Quality Design Control processes and FDA submission process is preferred and CISSP, CEH, MCSD, CSSLP or other certifications are preferred. 

The selected candidate should possesses an intimate knowledge of real-time operating system (i.e. QNX, Linux, Windows Embedded) hardening techniques and have the ability to provide secure coding recommendations.  Knowledge in at least one coding language (i.e. C/C++, C#) with code review experience is required and the candidate should have software engineering experience including securely building embedded applications.  The ability to create and deliver Product Security awareness campaigns and other communications is required and the candidate should possess understanding of pen testing, vulnerability scanning, CVSS and/or other general security testing principles with the ability to provide specific recommendations on how to fix resulting vulnerabilities. An understanding embedded operating system security patching and vulnerability assessment is required

All candidates shall be legally authorized to work in the US and are subject to background screening, drug testing and verification of legal status in the United States using eVerify.