
Product Security Engineer II

Bracco Medical Technologies
life insurance, paid time off, tuition reimbursement, 401(k)
United States, Minnesota, Eden Prairie
7905 Fuller Road
Jan 06, 2025

Why Join Bracco Medical Technologies?

At Bracco Medical Technologies, every employee has an impact on our Mission to empower lifesaving
decisions. We create medical devices that give healthcare providers the
insights they need to confidently and safely diagnose patients. Our unique line
of products includes Intravascular Ultrasound (IVUS), Fractional Flow Reserve
(FFR), Cardiovascular Imaging contrast delivery (CVi), and CT and MRI contrast
delivery systems.

Position Description

Position Summary:

As a member of Bracco Medical Technologies (BMT)'s Product Security Team, this role is responsible for driving the maturity of BMT's vulnerability management and incident response program.

This role provides the opportunity to work cross functionally with a variety of stakeholders, including product development teams, service, and sales, and contribute to product security team deliverables and activities both at the post market and premarket stage such as threat modeling, security testing and security risk management.

Primary Duties & Responsibilities:



  • Engage in security research and develop tooling to enhance the post market product security capability to detect and risk assess security vulnerabilities.
  • Generate and manage Software Bill of Materials (SBOM) across multiple platforms
  • Detect, triage, root-cause, and risk-assess vulnerabilities found in SBOMs, communicating across multiple functions to drive remediation of the vulnerabilities detected.
  • Architect solutions to remediate post market security vulnerabilities and engage cross functional stakeholders for remediation planning.
  • Be part of the PSIRT team and lead CVD and incident response on BMT products.
  • Support the integration of the incident response and vulnerability management processes into the Quality Management System.
  • Develop training for cross functional stakeholders engaged in the Incident Response and Vulnerability Management Process and conduct tabletop exercises.
  • Partner with the product and software engineering teams in premarket security activities to assist with design reviews, threat modeling, penetration testing, code reviews, security issues remediation, and other security related activities.
  • Support software developers, system engineers and hardware/firmware engineers across business units on their premarket security practices and provide guidance regarding mitigations to emerging threats and remediation planning.


* Other duties and responsibilities as required to support the changing security needs of the organization.

Qualifications (Knowledge, Skills & Abilities):


Minimum



  • Bachelor of Science in Computer Engineering, Computer Science, Software Engineering, Electrical Engineering, Computer Systems Engineering, or a related discipline.
  • 3 years' experience in systems security administration control and/or software engineering, or other related experience.
  • 2 years' experience in vulnerability management and incident response, product security architecture, security testing, security consultancy, or equivalent.
  • Knowledge of industry standards and frameworks such as OWASP, NIST, SANS, MITRE ATT&CK, UL 2900, etc.
  • Experience in SBOM scanning and automation
  • Demonstrated problem-solving ability
  • Strong collaboration skills with the ability to work cross functionally.
  • Ability to communicate effectively with a variety of stakeholders
  • Strong interpersonal and communication skills
  • Strong technical writing and presentation skills


Preferred

* Embedded system, firmware and IoT security
* Vulnerability management on products
* Development experience in C#, C++ or Java
* Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) or Offensive Security Web Expert (OSWE) certification
* Cloud security experience


Other
* Travel up to 10% domestic and international

Compensation & Total Rewards:

Estimated Starting Salary Range: $110,000 - $120,000

*Estimated Starting Salary Range is reflective of the range Bracco Medical Technologies reasonably expects to pay for the position. The range provided is based on salary and market data specific to the position.

Total Rewards:



  • Paid Time Off, Company Holidays & Paid Family Leave - We provide PTO and Company Holidays to help you recharge, relax and do what's important to you, when it's important to you. Our 100% paid family leave options for parents, grandparents and eligible family members provide support for growing families as well.
  • Achieve - Beyond competitive compensation, we offer options to help you plan for a financially secure future, including an annual incentive plan and 401k savings plan contributions.
  • Live well - We offer comprehensive benefit options to help protect you along the way, including medical, dental, vision, and life insurance, employer HSA contributions, employee assistance program, short-term disability, etc.
  • Evolve - Through structured on-the-job learning, workshops, seminars, and our tuition reimbursement program, you'll find many opportunities to grow, personally and professionally.
  • Choose - You won't find "stuffy" here, whether your position requires a hybrid or in-the-office working arrangement. That means business casual for your attire and flexibility in your schedule, wherever possible.

Job Location
7905 Fuller Road, Eden Prairie, Minnesota
Tracking Code
1348-432