Software Security Engineer 3 or 4

Summary

The Software Security Engineer 3 or 4 is responsible for identifying cybersecurity threats and vulnerabilities, analyzing them, and implementing controls to mitigate them throughout the product development life cycle and sustaining engineering of Hologic molecular diagnostics products.

Duties and Responsibilities

  • Monitor the industry for newly identified threats to cybersecurity and assess the risk to Hologic products.
  • Determine Hologic product requirements associated with maintaining security and reliability in networked customer environments.
  • Perform and document “vulnerability to malicious attacks” assessments on Hologic products and provide support to product teams.
  • Provide final-tier escalation support for service calls pertaining to virus- and security-related issues.
  • Assist with product development efforts dealing with security and network vulnerability issues.
  • Develop and execute thorough test procedures to qualify OS patches and anti-virus software.
  • Create lab environment and automate test procedures associated with above testing.
  • Educate sales and service force on topics and issues related to network security and virus protection.
  • Keep company and product teams aware of technology, industry trends, and market requirements with respect to the cyber protection of medical devices and information in healthcare environments.
  • Ensure that design, implementation, test, and maintenance processes (including methods) are developed and executed in a manner which supports all company quality standards.
  • Must possess the discipline required to continually monitor industry security threats, assess risk to Hologic products, and disposition the risk according to established quality procedures.
  • Must be able to effectively troubleshoot and diagnose issues associated with networked, computer-based products.
  • Must be available for travel to Hologic offices, training, and customer sites.
  • Must be able to work with minimal supervision but in alignment with strategic intentions and corporate priorities.
  • Work with software engineers to develop and implement security requirements.
  • Interact directly and frequently with Engineering, Field Service, Sales, and external company resources to successfully qualify Hologic networked products to meet customer expectations for equipment performance.

Requirements

  • Must have excellent written and oral communication skills.
  • Must have excellent problem-solving skills, including diagnosis, analysis, and resolution of concerns.
  • Must have demonstrated skills in project and workload management.
  • Must be self-motivated and team-oriented.
  • Must understand network design concepts.
  • Ability to understand complex product design.
  • Ability to interact and communicate effectively with customers in a sensitive but effective manner.
  • Must have working knowledge of security analysis and protection tools.
  • Must understand the nature of and motivation for unauthorized access and malicious attacks on networked, computer-based products running in a healthcare environment.
  • Must be able to convey complex theories and technical ideas to non-technical Hologic employees, vendors, and customers.

Education

  • Bachelor’s or Master’s degree in Computer Science, Management Information Science, Engineering, or related technical field (or equivalent work experience).

Experience

  • Strong experience in enterprise computer network infrastructure.
  • Minimum of four or more years of work experience in a majority of the following areas:
    • Computer and network security
    • Aligning security standards, such as ISO 27002, PCI DSS, COBIT, NIST CSF, etc., and regulatory compliance, such as FDA (Medical Device Cybersecurity), CLSI, HIPAA, GDPR, PCI, SOX, SOC2, HITRUST, GLBA, Safe Harbor, etc., to security requirements.
    • Computer networking design or administration
    • Microsoft Windows and Linux operating systems
    • Software application design, test, and maintenance
    • Cybersecurity Risk Assessment
    • Vulnerability Scans and Penetration Testing
  • Work experience or training in the following areas is desired:
    • Medical information system administration
    • Software verification in a regulated industry
    • PACS, DICOM, ASTM, HL7, EMR, EHR, medical informatics
    • Technical Support to Sales, Field Service and/or end-users

Specialized Knowledge

  • Certifications in security-related studies are strongly preferred (CISSP, CISM, CISA).
  • OS (i.e., Windows, Linux) and networking (i.e., Cisco) certifications are preferred.
  • Experience in the healthcare industry (provider or medical equipment vendor) is preferred.

Additional Details

(Including Physical & Mental requirements)

  • Must be able to repetitively lift and carry product weighing approximately 15 lbs.

Agency and Third-Party Recruiter Notice:

Agencies that submit a resume to Hologic must have a current Hologic Agency Agreement executed by a member of the Human Resource Department. In addition, Agencies may only submit candidates to positions for which they have been invited to do so by a Hologic Recruiter. All resumes must be sent to the Hologic Recruiter under these terms or they will not be considered.

Hologic, Inc. is proud to be an Equal Opportunity Employer inclusive of disability and veterans.
