Job Description
Vantive is a vital organ therapy company on a mission to extend lives and expand possibilities for patients and care teams everywhere. For 70 years, our team has driven meaningful innovations in kidney care. As we build on our legacy, we are deepening our commitment to elevating the dialysis experience through digital solutions and advanced services, while looking beyond kidney care and investing in transforming vital organ therapies. Greater flexibility and efficiency in therapy administration for care teams, and longer, fuller lives for patients— that is what Vantive aspires to deliver. We believe Vantive will not only build our leadership in the kidney care space, it will also offer meaningful work to those who join us. At Vantive, you will become part of a community of people who are focused, courageous and don’t settle for the mediocre. Each of us is driven to help improve patients’ lives worldwide. Join us in advancing our mission to extend lives and expand possibilities. Your Role As the Sr. Principal Product Security Engineer you will be responsible for designing, building, testing and implementing systems with the primary goal of product security across Vantive’s medical device product portfolio in various operating environments. Prevention of breach of Intellectual Property (IP), Attack surface minimization, preventive security and privacy controls, incident/vulnerability management are some of the focus areas for this position. This role requires deep knowledge of security by design, IoT secure code principles, physical security hardening, and embedded system development. Candidates should have experience in embedded software development with a desire to secure products to be able to protect our customers and patients using our life-sustaining products each day. Success in this role requires a strong understanding and interest in the latest security standards, protocols, products, and systems. What You Will Be Doing Work directly with embedded software developers in building a security by design mindset by defining implementations and coding inline with the Application Security Program mandates Implement embedded secure code solutions, design patterns, and coding guidelines that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures Support security project governance through scheduling activities, planning and prioritization Proactively drive security solutions implementation in-alignment with the development leads, security architects and product owner(s) Drive feature implementations in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary Review, Analyze and mitigate SAST, DAST, SCA and penetration test findings in collaboration with the developers for various electromechanical medical devices product lifecycles Review current software security control measures and implement security enhancements across multiple medical devices Participate in post-market product analysis to support vulnerability investigations as required as well as be engaged in continuous security monitoring What You Will Bring Experienced security developer able to interpret and guide software development teams on secure coding practices and application security test report interpretation for various coding languages and operating environments Strong knowledge of secure software development lifecycle and practices including SAFe/ Agile methodologies for software development Understanding of security by design principles and architecture level security concepts Sound understanding and experience in implementing security technologies/techniques such as, Cryptographic Algorithms/Cipher Suites, Public key Infrastructure (PKI), Hardware/embedded authentication protocols, Secure Boot, and data-at-rest encryption methods Experience implementing OWASP Top10 application security guidelines in embedded systems Knowledge of embedded system architecture and security controls (e.g., firewall and border router configurations, wireless communication architectures, messaging authentication protocols Experienced in generating, defining, and reviewing penetration test results through knowledge standard methodologies and tools including environmental configuration definition, security analysis, threat modeling, and system security audits Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities Exposure to international privacy requirements & cross-industry trends Qualifications And Skills Bachelor's degree in Computer Science, Computer Engineering, a related field or equivalent