Senior Product Security Engineer

Join Hologic's mission to drive a Secure by Design culture within our Breast & Skeletal Health Connected Health products. As a Senior Product Security Engineer, you will play a pivotal role in ensuring the security and integrity of our innovative healthcare solutions. If you are passionate about cybersecurity and eager to work in a dynamic environment, we invite you to apply. This role may sit in Newark, DE, Santa Clara, CA, Marlborough, MA or can sit remotely. This is your chance to be part of something truly transformative and contribute to advancements in women's health.

• →Champion Security: Drive a Secure by Design culture across product teams, ensuring adherence to security standards and best practices.
• →Policy Enhancement: Participate in the continuous improvement of our Secure by Design policies and procedures, aligning products with the latest security requirements and regulatory standards.
• →Documentation and Architecture: Support the creation and maintenance of security design documentation and architecture diagrams.
• →Security Assessments: Conduct and document ongoing security assessments, including Threat Modeling, for Hologic products and remote connectivity solutions, providing support to product teams as needed.
• →Risk Management: Perform Security Risk Management activities to address identified vulnerabilities and security design issues.
• →Design Discussions: Create and maintain security controls and requirements while actively participating in design discussions and activities.
• →Development Support: Assist in product development efforts, including Security Code Reviews, to ensure compliance with Secure by Design principles and the implementation of appropriate security controls.
• →Automation and DevSecOps: Support the automation of security testing and reporting, manage security tooling, and secure our cloud environments.
• →Monitoring and Incident Response: Oversee ongoing security monitoring of in-market products and connected health solutions, participating in incident response investigations as necessary.
• →Education and Training: Educate sales and service teams on securing our products, connected health solutions, and their operating environments.

• Industry Awareness: Maintain vigilance on industry security threats, assess risks to Hologic products, and manage these risks according to established quality procedures.
• Troubleshooting Expertise: Effectively diagnose and resolve issues associated with networked, computer-based products.
• Travel Flexibility: Be available for travel to Hologic offices, training, and customer sites.
• Autonomous Alignment: Work with some supervision while aligning with strategic intentions and corporate priorities.
• Cloud Knowledge: Possess a strong understanding of cloud design concepts and a working knowledge of security analysis and protection tools.

• Education: Master’s or Bachelor’s degree in Computer Science, Management Information Science, Engineering, or a related technical field.
• Experience: 4+ years of relevant experience in: 
  • Computer and network security
  • Cloud base platform experience 
  • Computer networking administration
  • Microsoft Windows and Linux operating systems
  • Software application testing and maintenance
  • Cybersecurity Risk Assessment
• Technical Skills:
  • Knowledge of the secure development lifecycle and experience in a development environment.
  • Expertise in application secure design and code reviews, with an understanding of Secure Coding standards and common vulnerabilities (e.g., OWASP Top 10, CWEs).
  • Proficiency in scripting and simple application development (e.g., PowerShell, Python, C#, C++).
  • Experience with industry-standard security tools (SAST, SCA, DAST, vulnerability scanning).
  • Leadership in Threat Modeling (STRIDE method preferred).
  • Penetration Testing experience (direct or supportive).
  • Securing development and cloud environments (Azure preferred) and the DevSecOps (CI/CD) pipeline.
  • Strong communication skills, both verbal and written.

• Medical Systems Knowledge: Experience with medical information system administration and familiarity with medical device security standards and regulations (e.g., FDA Premarket Cybersecurity Guidance, IEC 81001-5-1, AAMI TIR57, AAMI SW96).
• Regulated Industry Experience: Experience in software development and verification within a regulated industry.
• Technical Support Experience: Experience providing technical support to field service teams and/or end-users.
• Certifications: Security-related certifications (e.g., CISSP), OS (Windows, Linux), and networking (Cisco) certifications are strongly preferred.