Job Information
Edwards Lifesciences Staff Product Security Engineer (IT) in Irvine, California
Edwards Lifesciences is the global leader in patient-focused medical innovations for structural heart disease, as well as critical care and surgical monitoring. For more than 50 years, we have established a remarkable track record around that innovation: Work that enables clinicians around the world to enhance and save lives.
Edwards is looking for a Staff Product Security Engineer, reporting directly to the Head of Product Security at Edwards. In this role, you will be responsible for Product Security DevSecOps and Vulnerability Management & Incident Response. As a key member of the team building the concept of DevSecOps and leading its hands-on implementation on Edwards cloud and device products, you will play a critical role in our ability to deliver devices that maximize our patients’ recovery and quality of life.
This is a highly collaborative role. You will work closely with software development, risk management, complaints and quality, and Global Security/IT teams, supporting DevSecOps and secure infrastructure efforts, providing them with information on discovered vulnerabilities, and driving assessment and mitigation activities to ensure that those vulnerabilities are fully mitigated. You will also support, develop and integrate CI/CD pipelines, Vulnerability Management and Incident Response, as well as PKI functions on Edwards products; and design secure infrastructure for production and production support for Edwards cloud-based products, including HiTrust certification support.
Responsibilities
Serve as an SME in the DevSecOps space, creating, evangelizing, and implementing the concept hands-on
Integrate, optimize and support security tooling in CI/CD pipelines, such as SCA, SAST, PKI, security verification automation, etc.
Serve as an SME in the vulnerability management and incident response product security space, covering a wide range of medical device products, from embedded software to mobile and cloud applications. Experience working in a regulated industry (FDA/FAA/DoD/etc.) is a big plus
Serve as a focal point and security architect for product security infrastructure and HiTrust compliance design and operations
Strong knowledge of vulnerability scanning, code scanning and software composition analysis tools, enabling you to create and maintain an asset inventory of software components and keep track of all the vulnerabilities associated with them
Provide the medical devices division with product security support in:
Decomposing third-party software binaries and generating software bills of materials
Identifying vulnerabilities in third party software components
Identifying vulnerabilities in proprietary code
Performing vulnerability impact analysis
Generating vulnerability reports and driving them through the assessment and mitigation processes
Follow incident response procedures and represent the organization in communications with the US Department of Homeland Security ICS-CERT and vulnerability finders external to the organization
Stay abreast of the cyber security threat landscape to bring awareness of its applicability to Edwards solutions, and work on resolving those threats and improving the security posture of Edwards products
Basic Qualifications:
Bachelor’s Degree in Technology
8+ years of relevant IT experience is required with a Bachelor’s degree (or 6+ years of relevant experience is required with a Master’s degree in Technology). Software development or DevOps experience with exposure to cloud/web/mobile technologies is considered relevant experience
5+ years of relevant cyber security experience with a Bachelor’s degree (or 2+ years of cyber security experience with a Master’s degree in Technology). Relevant experience includes leading and executing security projects in 3 or more of these domains: platform security, application security, network security, infrastructure, cloud security, data security and identity and access management
Experience designing secure infrastructure for the production environments of cloud products
Expert knowledge of OWASP Top 10, CVE, CVSS 3.0
Prior experience building security into DevOps, CI/CD pipelines
Ability to recognize and understand various types of application, infrastructure and protocol level vulnerabilities
Real passion, motivation, and willingness to take ownership / responsibility for your work as well as the ability to work alone or as part of a team
Ability to collaborate in a very fast paced environment
Excellent written and verbal communication skills, with experience presenting to executive audiences
Preferred Qualifications:
Master’s degree in Technology
1+ years of experience working as a product security engineer responsible for building and running vulnerability management and incident response or DevSecOps
Prior experience in performing vulnerability management and incident response activities as part of a medical device program
Experience supporting design and operations for HiTrust-compliant environments
Certified Computer Security Incident Handler, GCIH, CISSP certifications
Edwards is an Equal Opportunity/Affirmative Action employer including protected Veterans and individuals with disabilities.
Edwards Lifesciences is the global leader in patient-focused medical innovations for structural heart disease, as well as critical care and surgical monitoring. Driven by a passion to help patients, the company collaborates with the world's leading clinicians and researchers to address unmet healthcare needs, working to improve patient outcomes and enhance lives. Headquartered in Irvine, California, Edwards Lifesciences has extensive operations in North America, Europe, Japan, Latin America and Asia and currently employs over 15,000 individuals worldwide.
For us, helping patients is not a slogan - it's our life's work. From developing devices that replace or repair a diseased heart valve to creating new technologies that monitor vital signs in the critical care setting, we focus on helping patients regain and improve the quality of their life.