Lead Product Security Architect

Exciting Opportunity at Hologic: Become a Lead Product Security Architect!

Are you a cybersecurity enthusiast ready to make a significant impact in the healthcare industry? Join our dynamic team at Hologic's Breast & Skeletal Health Division, where you will champion a Secure by Design culture for our groundbreaking, life-saving medical devices. As a Lead Product Security Architect, you will play a crucial role in ensuring the security and integrity of our innovative healthcare solutions. This role may sit in Newark, DE, Santa Clara, CA, Marlborough, MA or can sit remotely. This is your chance to be part of something truly transformative and contribute to advancements in women's health.

Key Responsibilities:

1. Champion Security Culture: Lead the charge in embedding a Secure by Design culture across product teams. Ensure compliance with security standards and best practices, and represent our division in industry forums, information-sharing organizations, and standards groups.
2. Policy Enhancement: Spearhead the continuous improvement of our Secure by Design policies and procedures, collaborating with functional teams to align our products with the latest security requirements and regulatory standards.
3. Security Tools and Automation: Partner with DevOps to enhance our Security Tools capabilities, automation, and related processes, ensuring security excellence across our extensive portfolio of medical devices.
4. Security Engineer Support and Mentoring: Provide guidance and mentorship to Product Security Engineers, driving security planning, design consistency, and overall excellence.
5. Documentation and Architecture: Lead the creation and maintenance of security design documentation, architecture views, and diagrams for our products.
6. Design Strategy: Participate in product design discussions to identify and integrate security requirements, considerations, and deliverables. Identify common security modules and resources that can be shared across all products.
7. Security Assessments: Lead or support ongoing security assessments, including Threat Modeling, for Hologic products and remote connectivity solutions. Assess new products or projects for required security activities and deliverables.
8. Security Communication: Lead and support security communications with external stakeholders and customers. Develop security resources, such as White Papers, and support Sales and Marketing efforts by highlighting our security excellence.
9. Education and Training: Educate teams on securing our products, development environments, connected health solutions, and their operating environments.
10. Continuous Learning: Stay ahead of the curve by keeping up with the latest security threats, regulatory changes, industry standards, and best practices.

Ideal Candidate Profile:

1. Security Architecture and Design: Possess a strong understanding of security architecture and design.
2. Change Champion: Have a proactive and innovative mindset focused on enhancing and optimizing strategies, processes, and tools.
3. Travel Flexibility: Be available for travel to Hologic offices, training, conferences, and customer sites.
4. Autonomous Alignment: Work with minimal supervision while aligning with strategic intentions and corporate priorities.
5. Global Regulatory Environment: Ensure continuous awareness and adherence to regulatory requirements for our products and environments.

Qualifications:

1. Education: Master’s or Bachelor’s degree in Computer Science, Management Information Science, Engineering, or a related technical field.
2. Medical Systems Knowledge: Experience with medical information system administration and extensive knowledge of medical device security standards and regulations such as FDA Premarket Cybersecurity Guidance, IEC 81001-5-1, AAMI TIR57, AAMI SW96).
3. Regulated Industry Experience: Experience in software development and verification within the medical device industry is preferred.
4. Experience: 5+ years in:

• Security Architecture and Design
• Security policy, procedures, and standards creation
• Cybersecurity Risk Assessment
• Computer and network security
• Microsoft Windows and Linux operating systems

Technical Skills:

• In-depth knowledge of the secure development lifecycle
• Leading security design and architecture for embedded devices and complex applications
• Expertise in secure coding standards and common vulnerabilities
• Proficiency with industry-standard security tools (SAST, SCA, DAST, vulnerability scanning)
• Leading Threat Modeling activities
• Securing development and cloud environments (Azure preferred)
• Strong communication skills, both verbal and written

Preferred Qualifications:

• Team Lead Experience: Experience supporting a team of security engineers.
• Certifications: Security-related certifications (e.g., CISSP), OS (Windows, Linux), and networking (Cisco) certifications.
• DoD ATO Compliance: Experience obtaining and maintaining Department of Defense (DoD) Authority to Operate (ATO) certifications.
• Cloud Compliance: Experience in obtaining and maintaining industry-recognized certifications such as SOC 2, HITRUST, and FedRAMP.

So why join Hologic?

We are committed to making Hologic the company where top talent comes to grow. For you to succeed, we want to enable you with the tools and knowledge required and so we provide comprehensive training when you join as well as continued development and training throughout your career. We offer a competitive salary and annual bonus scheme, one of our talent partners can discuss this in more detail with you.

If you have the right skills and experience and want to join our team, apply today. We can’t wait to hear from you!

The annualized base salary range for this role is $128,300 - $200,600 and is bonus eligible. Final compensation packages will ultimately depend on factors including relevant experience, skillset, knowledge, geography, education, business needs and market demand.

Hologic, Inc. is proud to be an Equal Opportunity Employer inclusive of disability and veterans.