Edwards is hiring for a Sr. Product Security Engineer, Vulnerability Management and Incident Response, who will report directly to the Head of Product Security. The Sr. Engineer will be responsible for building and operating the vulnerability management platform for software-enabled Edwards products, as well as building and supporting incident response processes. You will work in close collaboration with software development, risk management, complaints and quality teams, providing them with information on discovered vulnerabilities and driving assessment and mitigation activities to ensure that those vulnerabilities are fully mitigated.
* Serve as an SME in the vulnerability management and incident response product security space, covering a wide range of medical devices from embedded software to mobile and cloud applications.
* Provide product security support in:
  * Decomposing third-party software binaries and generating software bill of materials
  * Identifying vulnerabilities in third-party software components
  * Identifying vulnerabilities in proprietary code
  * Generating vulnerability reports, driving them through the assessment and mitigation processes
* Maintain connections with vendors and customers, staying aware of newly discovered vulnerabilities and driving the coordinated vulnerability disclosure process.
* Follow incident response procedures and represent the organization in communications with US Department of Homeland Security ICS-CERT and with vulnerability finders external to the organization.
* Stay abreast of the cyber security threat landscape to bring awareness of its applicability to Edwards solutions, and work on resolving those threats and improving the security posture of Edwards products.
* A Bachelor of Science Degree in Computer Science or other related area is required; a Master's Degree is preferred.
* Must have a minimum of 4 years of Cyber Security experience, leading and executing security projects in at least 3 of the following domains: platform security, application security, network security, infrastructure, cloud security, data security and identity and access management. A minimum of 3 years of experience is required with a Master's Degree.
* Internship and Co-op experience will count towards the total years of experience requirement.
* Must have 1-3 years of experience working as a product security engineer responsible for building and running vulnerability management and incident response.
* Experience in performing vulnerability management and incident response activities as part of a medical device program is highly preferred.
* Strong knowledge of vulnerability scanning, code scanning and software composition analysis tools, used to create and maintain an asset inventory of software components and keep track of all the vulnerabilities associated with them.
* Expert knowledge of OWASP Top 10, CVE, CVSS 3.0 as well as the ability to recognize and understand various types of application, infrastructure and protocol vulnerabilities.
* Certified Computer Security Incident Handler, GCIH, and CISSP certifications are highly preferred.
* Ability to collaborate in a very fast-paced environment.
* Excellent written and verbal communication skills, with experience presenting to executive audiences.
About Edwards Lifesciences
Edwards Lifesciences is an American medical equipment company specializing in artificial heart valves and hemodynamic monitoring.