Apply for this Job
Position : Staff Engineer Location : San Jose, CA Duration : 12 Months Contract Total Hours/week :40.00 1st Shift Staff Engineer Product Security Prefer candidates local to position Job Description: - Client Biosciences is currently seeking a Staff Engineer to supplement our growing product security team. At Client Biosciences, you will have the opportunity to make key contributions to the security of medical devices and systems that are used to help all people live healthy lives. As a member of the product security team, the Staff Engineer Product Security will be responsible for working with software development teams to assess potential security vulnerabilities using recognized security standards and provide recommendations on resolving them. They must also have knowledge of operating systems as well as techniques and standards for security hardening (NIST SP 800-53, ISO/IEC 27001, OWASP, etc.).
- Potential candidates must be able to apply technical expertise and diagnostic skill to the evaluation of security vulnerabilities in combination with experience in security risk management to develop maintainable technical solutions.
- A successful candidate will thrive on working with other software engineers in a dynamic and collaborative development environment where meeting project goals and delivering quality is key. Responsibilities: Lead product security risk assessments, hazard analysis, and provide vulnerability remediation guidance to product development software engineers. Implement software and OS security solutions in accordance with industry accepted standards for medical devices including: encryption, recovery, authentication, audit logging, hardening measures, patch management, vulnerability monitoring, and antivirus/antimalware. Develop and administer software engineering procedures and training for vulnerability scanning and static code analysis tools. Support systems for automated testing of software vulnerabilities and verification of OS security patches. Assist product development teams in creating security documentation including Incident and Vulnerability Management Plans and Product Security White Papers. Participate on product security incident response teams as appropriate. Participate in technical design reviews and code inspections and provide clear, actionable feedback for project team members, including demonstrating proper coding practices. Work with the project teams to develop necessary requirements, specifications and testing scope for OS configuration and patch verification for products. Ensure quality in security test deliverables, including design, data summary and interpretation, report and document preparation and review for adherence to applicable regulations.
Qualifications: - Required Must Have software testing experience
- Must Have experience with Windows Operating System (windows configuration and security)
- Must Have strong communication skills
- Must Have previous experience with product development and code scanning tools/ assessing vulnerability
- Minimum of a Bachelor's Degree in Electrical Engineering, Computer Science or related engineering field.
- Minimum of 4 years of experience in software development.
- Minimum of 3 years of experience in product development within a quality management system.
- Minimum of 2 year of experience in secure coding practices.
- Experience with use and reporting from static code analysis and vulnerability scanning tools.
- Demonstrated positive work ethic with a strong commitment to achieving project goals. Excellent written and oral communication skills are essential. Experience with the Agile / Scrum development lifecycle.
- Preferred 3 years of experience developing with C and .NET frameworks or JavaScript. 2 years of experience with Agile / Scrum development lifecycle.
- 2 years of experience in medical devices / regulated environment. Knowledge of information security standards for product development.
- Experience with cyber security risk assessment and threat modeling. Knowledge of Windows OS configuration (ex. security, group policies, remote access). Experience with Database access management and security policies. Prefer candidates local to position. Would like to start sooner if possible.
Date Posted: 01 April 2025
Apply for this Job