Biosense Webster is looking for a Product Information Security Engineer.
In this role, you will be responsible for building an accountable, information security-conscious culture, and a system security infrastructure built on high-quality standards backed-up by effective operational procedures and regular status monitoring and reporting activities.
• Helping validate that our products and services are designed and implemented to the highest security standards
• Create threat models for products you're responsible for, and leverage them to prioritize time-based on risk impact.
• Collaborate with our QARA, R&D, and Corporate I.T. to rapidly and fundamentally improve the security posture of the cloud company products
• Define the right detectors and data we need to stop attackers
• Perform architecture reviews
• Educate and train product teams on security topics and skills to extend AppSec's reach by deputizing product teams to help themselves
• Prepare technical specifications and executive-ready communications
• The Product Information Security Engineer will work under the guidance of the company Product Information Security Leader, in interface with the various company departments (R&D, QA/RA, Service, IT) the product managers, and with the Johnson & Johnson Security for Products group
• Education: at least one of the following certifications: Cloud Security Knowledge/ Cloud Security Professional/ Cloud Security Specialist (CC)
• At least 5 years of experience in Cyber Security, including Cloud Security
• Demonstrated Understanding of crypto basics (encryption, signing, certificates, common algorithms)
• Knowledge of common security-relevant protocols (e.g., SSH, TLS, DNS, DHCP, NTP, ICMP)
• Deep knowledge of cloud computing infrastructure, focused on Kubernetes, Containers, and the major players (Azure, AWS)
• Wide knowledge of Web technologies, security products for Cloud/Web
• Experience in writing procedures and reports
• Excellent English (both oral and written)
• Proven experience with a wide variety of technologies and cloud services such as Azure Service Fabric, Event Hub, Azure SQL, Blobs, etc. -an advantage
• Knowledge of security frameworks and regulations such as ISO 27001, HIPAA, SOC 2, GDPR, CCPA, IMDRF- an advantage
• Proficient hands-on coding skills, scripting: PowerShell, BAH, Ansible, etc- an advantage