Product Security Architect

Job Description - Product Security Architect

- Providing privacy and security technical expertise supporting the product team throughout product development, design change, and life-cycle management.

- Work with the Product Security Leader (PSL) to support the product team with process expertise for Healthcare Product Cybersecurity Standards and life-cycle management.

- Product cybersecurity development responsibilities:

o Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.

o Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.

o Assess product components and SBoM are integrated into the product.

o Perform defect management for cybersecurity issues.

o Identify operational responsibilities and adherence to cloud standards for cloud-based products.

o Responsible for Product and Security Manual and MDS2 documentation.

- In coordination with the PSL, own and deliver Product Cybersecurity Standard artefacts, which include:

o Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.

o Create Design Engineering Privacy and Security (DEPS) artefacts for privacy and security risk assessments to engage in domain-specific product threat modelling, attack surface analysis, risk management and reduction.

o Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.

o Lead product Security Technical Design Reviews

o Along with the product Lead System Designer (LSD), responsible for the Product Cybersecurity Standard compliance and other pertinent standards and processes.

- The released products shall comply with the required regulatory standards & compliance (like FDA, HIPPA, GDPR etc.)

- Works with the Product Security team and Quality Assurance & Regulatory Assurance (QARA) on released product life cycle, including:

o Participate in post-market product vulnerability monitoring.

o Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.

o Responsible for product vulnerability mitigation and design change.

o Responsible for vulnerability tool updates to ensure accurate customer communication.

Mandatory Skills

- Security Engineering

1. Globally recognised Cyber Security Certifications (Advanced/Expert Level)

2. Firm with knowledge of OWASP, CVSS, FIPS 140-2/140-3 and DoD RMF

3. 7+ years of full-time information security with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box secure code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)

4. The Candidate shall be capable of finding risks/issues and suggesting the best route to remediation, knowing the compensatory controls & guiding the product team for its closure.

5. Sound understanding of security technologies/techniques like

Cryptography, Algorithms, Public key Infrastructure (PKI) Certificate Authority (CA),

Hardware/embedded authentication, OAuth, 2-factor authentication, and

white-box code analysis.

6. Experience with a range of security tools related to

SAST (Static Application Security Assessment),

DAST (Dynamic Application Security Assessment),

Vulnerability Management,

SCA (Software Composition Analysis),

Penetration Testing - Web Applications, Thick Clients, Mobile Applications, REST/SOAP

Threat Modelling Tools etc.

- Standard Software Engineering

7. Experience in Micro Services using RESTful frameworks