Address
Form of workAs a member of BMT’s global R&D organization, the Product Security Architect is responsible for creating and implementing cutting-edge security solutions and infrastructures that will ensure Bracco Medical Technologies (BMT) products are secure and resilient.
This role provides the opportunity to work cross functionally with a variety of stakeholders to include product development teams and contribute to Product Security deliverables and activities
Ongoing training and education would be offered on security domains and technologies for this position.
The location of this position is flexible. You can work from our offices worldwide or remotely.
Primary Duties & Responsibilities:
- Partner with the product and software engineering teams to assist with design reviews, threat modelling, penetration testing, code reviews, security issues remediation, and other security related activities.
- Engage with product team to review their system architecture, research on additional security capabilities. provide security requirements and research on additional security capabilities.
- Support software developers, system engineers and hardware/firmware engineers of our business units on their security practices and provide guidance regarding mitigations to emerging threats and remediation planning.
- Be part of PSIRT team to manage vulnerability, CVD and incident response on BMT products.
- Collaborate effectively with cross functional teams including, R&D Quality, Manufacturing and Regulatory to achieve security risk reduction.
- Develop security training and deliver to internal development teams and other stakeholders.
- Evaluation of new security tools and technologies and build internal tools as needed.
- Other duties and responsibilities as required to support the changing security needs of the organization.
Required Skills
Minimum
- Bachelor of Science in Computer Engineering, Computer Science, Software Engineering, Electrical Engineering, Computer Systems Engineering, or a related discipline.
- 3 years’ experience in systems security administration control and/or software engineering experience or other related experience
- 2 years' experience in Product Security architecture, security testing, security consultancy, vulnerability management or equivalent.
- Have knowledge of industry standards and frameworks such as OWASP, NIST, SANS, MITRE ATT&CK, UL 2900 etc.
- Strong interpersonal and communication skills
- Strong technical writing and presentation skills
- Have experience in implementing effective Secure SDLC frameworks.
- Demonstrated problem-solving ability
- Strong collaboration skills with the ability to work cross functionally.
- Ability to communicate effectively with a variety of stakeholders
Preferred:
- Embedded system, firmware and IoT security preferred but not required
- Vulnerability management on products is preferred but not required
- Development experience in C#, C++ or Java preferred but not required
- Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) or Offensive Security Web Expert (OSWE) certification preferred but not required.
- Cloud security experience preferred
- Travel up to 10% domestic and international
Required Experience
