Product Security Architect
Endotronix, Inc. - naperville, IL
Apply NowJob Description
About the Company Endotronix is a medical device company that aims to transform the treatment of heart failure, a chronic, progressive condition in which the heart is unable to pump enough blood to support the body. Our Cordella Heart Failure System (CHFS) includes proactive management tools for best practice care and detection of worsening heart failure. These easy-to-use tools improve patient quality of life and help to reduce hospital admissions thereby reducing health care costs. With our recent PMA approval from the FDA and acquisition by Edwards Lifesciences, we are growing our team - it's a great time to join Endotronix!About the Role The Product Security Architect will report to the Product Security leader in the Global Information Security organization. The role will serve as a key member of the Product Security team and serve as an expert security advisor and partner to the Software Development, Cloud, Quality, Regulatory, Verification and Validation teams. As a technical leader, this individual will be responsible for providing secure designs, solutions, and guidance to ensure that Endotronix's products and operational frameworks are inherently secure, compliant, and adaptive to the dynamic nature of security threats. This person will also be integral to the Endotronix Secure Development Lifecycle, ensuring that security is embedded into the fabric of Endotronix's suite of products. This is an onsite or hybrid position based in Naperville, Illinois. Responsibilities Apply Product Security experience and expertise to execute the Product Security strategy for Endotronix medical products, ensuring alignment with business objectives and regulatory requirements.Maintain expertise in the regulatory landscape, including FDA, NMPA, EU MDR, and cybersecurity laws, to guide product compliance.Ensure that Product Security complies with the evolving regulatory environment, particularly in the context of HITRUST governance.Collaborate with cross-functional teams to embed security best practices throughout the product lifecycle, from development to manufacturing, to safeguard products and ensure they align with legal, privacy, and regulatory standards.Develop Product Security requirements, threat models, secure designs, and secure software development guidance for regulated medical device products that may include embedded systems, on-prem enterprise systems and services, and cloud-based services distributed across multiple organizations and customers.Perform software code level reviews and testing.Develop and maintain a SecDevOps program and services to ensure security functions and controls are embedded in development and delivery pipelines.Perform vulnerability management for in-house and 3rd party components.Perform product risk assessments to identify risks and remediation options to address key security risks in alignment with regulatory and ethical considerations.Support Product Security engagements with external stakeholders and regulatory agencies.Stay informed about emerging security technologies and assess their relevance to a highly regulated medical device industry.Keep abreast of new security threats and continuously refine security practices to mitigate risks.Help advance and mature the Secure Software Development Lifecycle, ensuring consistent adoption across product teams and alignment to Endotronix Quality Management System.Enhance security tooling, automation, and processes to streamline how product teams address security.EducationBachelor's degree in Cybersecurity, Computer Science, Computer Engineering or related field; or equivalent experience. Certifications such as CISSP, CISM, CSSLP, GIAC, MCSE, CCSP or equivalent are preferred.Required Skills A solid foundation of at least ten years in Information Technology and Product Security, including, at least, three years of Product Security architecture in a regulated environment.Strong experience designing, implementing, and automating cloud-native and cloud-enabled services and solutions in cloud environments, including AWS.Strong understanding of AWS IAM, Microsoft Entra ID, and Cloud IAM solutions for securing both cloud-native and custom resources.Strong experience integrating and managing security services in a SecDevOps framework.Experience with both connected and disconnected products, secure software development lifecycle, risk mitigation strategies, threat modeling, and vendor supply chain security.Proven ability to design and manage secure network architectures, including Virtual Private Clouds, subnets, and security groups.Deep understanding of the Design Control process, ensuring that all product design and development is conducted in accordance with pertinent Quality System Regulations and international -depth understanding of AWS Key Management Service, CloudHSM, Certificate Manager and data encryption techniques.Extensive knowledge of AWS logging and monitoring solutions, including CloudTrail, AWS Config, and Amazon prehensive understanding of AWS serverless resources and their security implications.Prior experience in securing APIs using AWS API Gateway, Web Application Firewalls (WAF), and custom implementations.Strong understanding of the AWS and Azure Well-Architected Framework, with a focus on the Security Pillar.Experience navigating and executing Product Security requirements with 510(k), De Novo and PMA-regulated products.Experience with and working knowledge of regulatory requirements (FDA, NMPA, EU MDR, NIST CSF, NIST 800-53, etc.).Excellent written and verbal communication skills for a wide variety of audiences, with the ability to influence and drive decisions both within the organization and in external engagements. Preferred Skills Relentlessly focused on data and hypothesis driven decision making to create the best experiences for ETX patients and customers.Someone with a bias for action and quick iteration as opposed to perfection.A quick learner, who is able to work independently, multitask, and drive your own projects.An effective communicator and collaborator who can synthesize insights from multiple stakeholders across business functions to deliver purpose-built insights, models and tools that provide easily interpretable and actionable results.A team player who can inspire teams to deliver together, embodying the idea that the whole is greater than the sum of the parts.Passionate about digital healthcare and leveraging Data to deliver innovative solutions at scale.LIFE AT ENDOTRONIXOur shared company values create a foundation of trust and collaboration. United in a common purpose, we excel at the task at hand to provide best-in-class medical technology and customer service to our patients and clinicians. And along the way we make sure to have a little fun, continue to grow and celebrate our successes.We provide a competitive compensation package, comprehensive benefits including unlimited PTO, and an environment that will help you to thrive and succeed in your career.Endotronix is an equal opportunity employer, and we are committed to providing equal employment opportunities to all persons without regard to race, creed, color, religion, national origin, gender, marital status, citizenship status, age, veteran status, or disability. We are passionately committed to building a diverse organization where all perspectives and cultures are celebrated.
Created: 2024-11-06