Lead Engineer – Product Security Representative

Job Requirements

Company: Quest Global

Job Category: Med Tech and Healthcare

We are seeking a highly skilled and experienced Product Security Representative to join our team at Quest Global. As a Lead Engineer, you will play a crucial role in product security activities for our Med Tech and Healthcare projects.

Roles and Responsibilities:
• The Product Security Representative (PSR) will be responsible for ensuring the security and compliance of software products
• Provide security guidance to product teams and assist in identifying and mitigating security risks in the development process.
• Respond to security incidents, conduct investigations, and communicate findings to relevant stakeholders.
• Stay current with industry trends and emerging threats and advise product teams on how to address these risks.
• Communicate security information to stakeholders, including customers and other relevant parties.
• Collaborate with other security teams within the organization, such as the Information Security team, to ensure alignment with the overall security strategy of the company.
• Respond to audits and work with the Product Security Leader to ensure compliance with relevant regulations and standards, including FIPS, STIG, GDPR, and HIPAA.
• Design secure applications and provide guidance on secure application design, with a good understanding of software design principles.
• Model security threats and mitigate them to ensure the protection of Personal Identifiable Information (PII) and Personally Health Information (PHI) being transferred using DICOM.
• Possess a strong understanding of HL7 and experience working with it in the healthcare domain.

Work Experience

Required Skills:
• Bachelor’s degree in computer science, Information Security, or a related field.
• 8-10 years of experience in product security, with a focus on software security.
• Strong understanding of secure coding practices, including experience with C++, Java, Go and Python– Mandatory
• Experience in handling security assessment of Kubernetes, Microservice based architecture.
• Experience with security and compliance standards, including FIPS, STIG, GDPR, and HIPAA.
• Familiarity with OWASP vulnerability analysis, CVSS scoring and mitigation methodologies.
• Excellent communication skills, both written and verbal, and the ability to effectively communicate security information to both technical and non-technical stakeholders.
• Strong problem-solving and analytical skills, and the ability to think critically and creatively.
• Ability to work effectively in a fast-paced and dynamic environment, and to prioritize and manage multiple tasks and projects.
• Experience in working with Agile.
• Good communication and presentation skills.

Desired Skills:
• Experience in developing software applications for Medical Devices domain CT, XR, MR, Common Platform, DICOM standard and IHE standards.
• Cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or similar certifications are desirable.

Ability to explore large code base and understand architecture and design