Vantive
Senior Principal Engineer, Product Security
Vantive, Minneapolis, Minnesota, United States, 55447
Vantive is a vital organ therapy company on a mission to extend lives and expand possibilities for patients and care teams everywhere. For 70 years, our team has driven meaningful innovations in kidney care. As we build on our legacy, we are deepening our commitment to elevating the dialysis experience through digital solutions and advanced services, while looking beyond kidney care and investing in transforming vital organ therapies. Greater flexibility and efficiency in therapy administration for care teams, and longer, fuller lives for patients— that is what Vantive aspires to deliver.
We believe Vantive will not only build our leadership in the kidney care space, it will also offer meaningful work to those who join us. At Vantive, you will become part of a community of people who are focused, courageous and don’t settle for the mediocre. Each of us is driven to help improve patients’ lives worldwide. Join us in advancing our mission to extend lives and expand possibilities.
Your Role As the Sr. Principal Product Security Engineer you will be responsible for designing, building, testing and implementing systems with the primary goal of product security across Vantive’s software within the medical device product portfolio in various operating environments. Prevention of breach of Intellectual Property (IP), attack surface minimization, preventive security and privacy controls, and incident/vulnerability management are some of the focal areas for this position.
This role requires deep knowledge of security by design, web‑based secure code principles, and web application development including microservice security and system hardening in cloud environments. Candidates should have experience in web‑application development or cloud software development with a desire to secure products protecting our customers and patients who use our products each day. Success in this role requires a strong understanding and interest in the latest security standards, systems, protocols, and products.
What you’ll be doing
Work directly with software developers in building a security by design mindset by defining implementations and coding inline with the Application Security Program mandates
Implement secure code solutions, design patterns, and code guidelines that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures
Support security project governance through scheduling activities, planning and prioritization
Proactively drive security solutions implementation in‑alignment with the development leads, security architects and product owner(s)
Drive feature implementations in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary
Review, analyze and mitigate SAST, DAST, SCA, and penetration test results in collaboration with the developers for various non‑medical and software as medical devices (SaMD) product lifecycles
Review current software security control measures and implement security enhancements for multiple cloud‑based products
Participate in post‑market product analysis to support vulnerability investigations as required and be engaged in continuous security monitoring
What you’ll bring
Experienced security developer able to interpret and guide software development teams on secure coding practices and application security test report interpretation for various coding languages and multiple cloud services
Strong knowledge of secure software development lifecycle and practices including SAFe/ Agile methodologies for software development
Understanding of security by design principles and architecture level security concepts
Sound understanding and experience in implementing security technologies/techniques like cryptographic algorithms/cipher suites, public key infrastructure (PKI), network security protocols, OAuth, 2‑factor authentication, and data at rest encryption standards
Experience implementing OWASP Top10 application security guidelines in cloud‑based web applications
Experience with cloud‑based design and security controls (e.g. network security, instance hardening, identity and access control, cloud environment configuration best practices)
Experienced in generating, defining, and reviewing penetration test results through knowledge of standard methodologies and tools including environmental configuration definition, security analysis, threat modeling, and system security audits
Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
Exposure to international privacy requirements & cross‑industry trends
Qualifications and Skills
Bachelor’s degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
Minimum 8+ years of experience in software development or related fields
Minimum 5 years technical experience implementing product security requirements in cloud/hosted server environment
4 years working with each of the following:
Software development experience using web/application software technologies such as C/C++, Java, .Net, Python, etc.
Experience analyzing, interpreting, and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests
AWS network security controls
Benefits Vantive offers comprehensive compensation and benefits packages for eligible roles. Our health and well‑being benefits include medical, dental and vision coverage that start on day one, as well as insurance coverage for basic life, accident, short‑term and long‑term disability, and business travel accident insurance. Financial and retirement benefits include the Aon Pooled Employer Plan (Aon PEP), Vantive’s 401(k) retirement savings plan, and additional benefits such as Flexible Spending Accounts, educational assistance programs, and paid time off.
Equal Employment Opportunity Vantive is an equal opportunity employer. Vantive evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
Reasonable Accommodation Vantive is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the application or interview process, please let us know the nature of your request and your contact information.
Recruitment Fraud Notice Vantive has discovered incidents of employment scams, where fraudulent parties pose as Vantive employees or recruiters. To learn how you can protect yourself, review our Recruitment Fraud Notice.
#J-18808-Ljbffr
We believe Vantive will not only build our leadership in the kidney care space, it will also offer meaningful work to those who join us. At Vantive, you will become part of a community of people who are focused, courageous and don’t settle for the mediocre. Each of us is driven to help improve patients’ lives worldwide. Join us in advancing our mission to extend lives and expand possibilities.
Your Role As the Sr. Principal Product Security Engineer you will be responsible for designing, building, testing and implementing systems with the primary goal of product security across Vantive’s software within the medical device product portfolio in various operating environments. Prevention of breach of Intellectual Property (IP), attack surface minimization, preventive security and privacy controls, and incident/vulnerability management are some of the focal areas for this position.
This role requires deep knowledge of security by design, web‑based secure code principles, and web application development including microservice security and system hardening in cloud environments. Candidates should have experience in web‑application development or cloud software development with a desire to secure products protecting our customers and patients who use our products each day. Success in this role requires a strong understanding and interest in the latest security standards, systems, protocols, and products.
What you’ll be doing
Work directly with software developers in building a security by design mindset by defining implementations and coding inline with the Application Security Program mandates
Implement secure code solutions, design patterns, and code guidelines that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures
Support security project governance through scheduling activities, planning and prioritization
Proactively drive security solutions implementation in‑alignment with the development leads, security architects and product owner(s)
Drive feature implementations in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary
Review, analyze and mitigate SAST, DAST, SCA, and penetration test results in collaboration with the developers for various non‑medical and software as medical devices (SaMD) product lifecycles
Review current software security control measures and implement security enhancements for multiple cloud‑based products
Participate in post‑market product analysis to support vulnerability investigations as required and be engaged in continuous security monitoring
What you’ll bring
Experienced security developer able to interpret and guide software development teams on secure coding practices and application security test report interpretation for various coding languages and multiple cloud services
Strong knowledge of secure software development lifecycle and practices including SAFe/ Agile methodologies for software development
Understanding of security by design principles and architecture level security concepts
Sound understanding and experience in implementing security technologies/techniques like cryptographic algorithms/cipher suites, public key infrastructure (PKI), network security protocols, OAuth, 2‑factor authentication, and data at rest encryption standards
Experience implementing OWASP Top10 application security guidelines in cloud‑based web applications
Experience with cloud‑based design and security controls (e.g. network security, instance hardening, identity and access control, cloud environment configuration best practices)
Experienced in generating, defining, and reviewing penetration test results through knowledge of standard methodologies and tools including environmental configuration definition, security analysis, threat modeling, and system security audits
Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
Exposure to international privacy requirements & cross‑industry trends
Qualifications and Skills
Bachelor’s degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
Minimum 8+ years of experience in software development or related fields
Minimum 5 years technical experience implementing product security requirements in cloud/hosted server environment
4 years working with each of the following:
Software development experience using web/application software technologies such as C/C++, Java, .Net, Python, etc.
Experience analyzing, interpreting, and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests
AWS network security controls
Benefits Vantive offers comprehensive compensation and benefits packages for eligible roles. Our health and well‑being benefits include medical, dental and vision coverage that start on day one, as well as insurance coverage for basic life, accident, short‑term and long‑term disability, and business travel accident insurance. Financial and retirement benefits include the Aon Pooled Employer Plan (Aon PEP), Vantive’s 401(k) retirement savings plan, and additional benefits such as Flexible Spending Accounts, educational assistance programs, and paid time off.
Equal Employment Opportunity Vantive is an equal opportunity employer. Vantive evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
Reasonable Accommodation Vantive is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the application or interview process, please let us know the nature of your request and your contact information.
Recruitment Fraud Notice Vantive has discovered incidents of employment scams, where fraudulent parties pose as Vantive employees or recruiters. To learn how you can protect yourself, review our Recruitment Fraud Notice.
#J-18808-Ljbffr