Product Security Engineer

Hologic, Inc.

New York (NY)

Remote

USD 86,000 - 140,000

Full time

22 days ago

Job summary

An innovative healthcare solutions company is seeking a Product Security Engineer to champion cybersecurity initiatives within its Breast & Skeletal Health division. This role involves driving a Secure by Design culture, enhancing security policies, and conducting security assessments to protect women's health technologies. You will collaborate with product teams, support security in development processes, and educate stakeholders on security best practices. Join a forward-thinking organization committed to making a difference in healthcare while enjoying comprehensive training and competitive compensation. If you're passionate about cybersecurity and eager to make an impact, this is the opportunity for you!

Benefits

Comprehensive training
Competitive salary
Annual bonus scheme
Career development opportunities

Qualifications

  • 2+ years of experience in cybersecurity and network security.
  • Strong knowledge of secure development lifecycle and security tools.

Responsibilities

  • Drive a Secure by Design culture across product teams.
  • Conduct ongoing security assessments and manage security risks.

Skills

Cybersecurity
Network Security
Cloud Security
Risk Assessment
Scripting
Penetration Testing
Communication Skills

Education

Master’s degree in Computer Science
Bachelor’s degree in Computer Science

Tools

SAST
DAST
Vulnerability Scanning Tools
Azure

Job description

Join Hologic's mission to drive a Secure by Design culture within our Breast & Skeletal Health division. As a Product Security Engineer, you will play a pivotal role in ensuring the security and integrity of our innovative healthcare solutions. If you are passionate about cybersecurity and eager to work in a dynamic environment, we invite you to apply. This role may sit in Newark, DE; Santa Clara, CA; or Marlborough, MA; or it can sit remotely. This is your chance to be part of something truly transformative and contribute to advancements in women's health.

Key Responsibilities:

  1. Champion Security: Drive a Secure by Design culture across product teams, ensuring adherence to security standards and best practices.
  2. Policy Enhancement: Participate in the continuous improvement of our Secure by Design policies and procedures, aligning products with the latest security requirements and regulatory standards.
  3. Documentation and Architecture: Support the creation and maintenance of security design documentation and architecture diagrams.
  4. Security Assessments: Conduct and document ongoing security assessments, including Threat Modeling, for Hologic products and remote connectivity solutions, providing support to product teams as needed.
  5. Risk Management: Perform Security Risk Management activities to address identified vulnerabilities and security design issues.
  6. Design Discussions: Create and maintain security controls and requirements while actively participating in design discussions and activities.
  7. Development Support: Assist in product development efforts, including Security Code Reviews, to ensure compliance with Secure by Design principles and the implementation of appropriate security controls.
  8. Automation and DevSecOps: Support the automation of security testing and reporting, manage security tooling, and secure our cloud environments.
  9. Monitoring and Incident Response: Oversee ongoing security monitoring of in-market products and connected health solutions, participating in incident response investigations as necessary.
  10. Education and Training: Educate sales and service teams on securing our products, connected health solutions, and their operating environments.

Ideal Candidate Profile:

  1. Industry Awareness: Maintain vigilance on industry security threats, assess risks to Hologic products, and manage these risks according to established quality procedures.
  2. Troubleshooting Expertise: Effectively diagnose and resolve issues associated with networked, computer-based products.
  3. Travel Flexibility: Be available for travel to Hologic offices, training, and customer sites.
  4. Autonomous Alignment: Work with some supervision while aligning with strategic intentions and corporate priorities.
  5. Network Knowledge: Possess a strong understanding of network design concepts and a working knowledge of security analysis and protection tools.

Qualifications:

  1. Education: Master’s or Bachelor’s degree in Computer Science, Management Information Science, Engineering, or a related technical field.
  2. Experience: 2+ years of relevant experience in:
    1. Computer and network security
    2. Cloud-based platform experience
    3. Computer networking administration
    4. Microsoft Windows and Linux operating systems
    5. Software application testing and maintenance
    6. Cybersecurity Risk Assessment
  3. Technical Skills:
    1. Knowledge of the secure development lifecycle and experience in a development environment.
    2. Expertise in application secure design and code reviews, with an understanding of Secure Coding standards and common vulnerabilities (e.g., OWASP Top 10, CWEs).
    3. Proficiency in scripting and simple application development (e.g., PowerShell, Python, C#, C++).
    4. Experience with industry-standard security tools (SAST, SCA, DAST, vulnerability scanning).
    5. Expertise in Threat Modeling (STRIDE method preferred).
    6. Penetration Testing experience (direct or supportive).
    7. Experience securing development and cloud environments (Azure preferred) and the DevSecOps (CI/CD) pipeline.
    8. Strong communication skills, both verbal and written.

Preferred Qualifications:

  1. Medical Systems Knowledge: Experience with medical information system administration and familiarity with medical device security standards and regulations (e.g., FDA Premarket Cybersecurity Guidance, IEC 81001-5-1, AAMI TIR57, AAMI SW96).
  2. Regulated Industry Experience: Experience in software development and verification within a regulated industry.
  3. Technical Support Experience: Experience providing technical support to field service teams and/or end-users.
  4. Certifications: Security-related certifications (e.g., CISSP), OS (Windows, Linux), and networking (Cisco) certifications are strongly preferred.
  5. DoD Certification: Experience obtaining and maintaining Department of Defense (DoD) Authority to Operate (ATO) certifications.

So why join Hologic?

We are committed to making Hologic the company where top talent comes to grow. For you to succeed, we want to equip you with the tools and knowledge required, so we provide comprehensive training when you join as well as continued development and training throughout your career. We offer a competitive salary and annual bonus scheme; one of our talent partners can discuss this in more detail with you.

If you have the right skills and experience and want to join our team, apply today. We can’t wait to hear from you!

The annualized base salary range for this role is $86,900 - $139,400 and is bonus eligible. Final compensation packages will ultimately depend on factors including relevant experience, skillset, knowledge, geography, education, business needs and market demand.

Agency and Third-Party Recruiter Notice: Agencies that submit a resume to Hologic must have a current Hologic Agency Agreement executed by a member of the Human Resource Department. In addition, agencies may only submit candidates to positions for which they have been invited to do so by a Hologic Recruiter. All resumes must be sent to the Hologic Recruiter under these terms or they will not be considered.

Hologic, Inc. is proud to be an Equal Opportunity Employer inclusive of disability and veterans.
