Vantive

Senior Principal Engineer, Product Security

Vantive, Minneapolis, Minnesota, United States, 55400

Vantive is a vital organ therapy company on a mission to extend lives and expand possibilities for patients and care teams everywhere. For 70 years, our team has driven meaningful innovations in kidney care. As we build on our legacy, we are deepening our commitment to elevating the dialysis experience through digital solutions and advanced services, while looking beyond kidney care and investing in transforming vital organ therapies. Greater flexibility and efficiency in therapy administration for care teams, and longer, fuller lives for patients— that is what Vantive aspires to deliver. We believe Vantive will not only build our leadership in the kidney care space, it will also offer meaningful work to those who join us. At Vantive, you will become part of a community of people who are focused, courageous and don’t settle for the mediocre. Each of us is driven to help improve patients’ lives worldwide. Join us in advancing our mission to extend lives and expand possibilities.

What you’ll do

As the Senior Principal Product Security Engineer you will be responsible for designing, building, testing and implementing systems with the primary goal of product security across Vantive’s software within the medical device product portfolio in various operating environments. Prevention of breach of Intellectual Property (IP), attack surface minimization, preventive security and privacy controls, incident/vulnerability management are focal areas. Demonstrate deep knowledge of security by design, web-based secure code principles, and web application development including microservice security and system hardening in cloud environments. Have experience in web-application development or cloud software development with a focus on securing products used by customers and patients daily. Maintain a strong understanding of the latest security standards, systems, protocols, and products.

What you’ll be doing

Work directly with software developers to build a security-by-design mindset by defining implementations and coding in line with the Application Security Program mandates. Implement secure code solutions, design patterns, and code guidelines that meet security and privacy requirements defined in security plans, risk assessments, policies, and procedures. Support security project governance through scheduling activities, planning and prioritization. Proactively drive security solutions in alignment with development leads, security architects and product owners. Drive feature implementations in line with the architecture via designs, coding, reviews and tests; perform Proofs of Concept (POC) as necessary. Review, analyze and mitigate SAST, DAST, SCA, and penetration test results in collaboration with developers for various non-medical and SaMD product lifecycles. Review current software security controls and implement enhancements for multiple cloud-based products. Participate in post-market product analysis to support vulnerability investigations and continuous security monitoring.

What you’ll bring

Experienced security developer able to interpret and guide software development teams on secure coding practices and application security test report interpretation across multiple languages and cloud services. Strong knowledge of secure software development lifecycle and practices including SAFe/Agile methodologies. Understanding of security by design principles and architecture-level security concepts. Experience with cryptographic algorithms/cipher suites, PKI, network security protocols, OAuth, 2-factor authentication, and data-at-rest encryption standards. Experience implementing OWASP Top 10 guidelines in cloud-based web applications. Experience with cloud-based design and security controls (network security, instance hardening, identity and access control, cloud configuration best practices). Experience generating, defining, and reviewing penetration test results through standard methodologies and tools including environmental configuration, security analysis, threat modeling, and system security audits. Knowledge of current and emerging security threats and techniques for exploiting vulnerabilities. Exposure to international privacy requirements and cross-industry trends.

Qualifications and Skills

Bachelor’s degree in Computer Science, a related field or equivalent demonstrated experience and knowledge. Minimum 8+ years of experience in software development or related fields. Minimum 5 years of technical experience implementing product security requirements in cloud/hosted server environments. 4 years of experience working with the following: software development using web/application technologies such as C/C++, Java, .NET, Python. Experience analyzing, interpreting, and mitigating security findings from SAST, DAST, SCA and penetration tests. AWS network security controls.

Vantive is committed to supporting flexibility in the workplace with a policy that includes a minimum of 3 days onsite per week to connect and collaborate in person in support of our mission.

We understand compensation is an important factor in considering the next step in your career. The estimated base salary for this position is $128,000 - $192,000 annually, with adjustments based on location, skills, experience and other relevant factors. For questions about this, please speak to the recruiter if you are selected for an interview.

US Benefits at Vantive

This section covers comprehensive compensation and benefits packages for eligible roles, including medical, dental and vision coverage from day one, life and disability insurance, and retirement plans such as the Aon Pooled Employer Plan (Aon PEP) and 401(k). We also offer Flexible Spending Accounts, educational assistance programs, and time-off benefits including paid holidays and paid time off (20–35 days, depending on length of service), family and medical leaves, and paid parental leave. Additional benefits include commuting benefits, Employee Discount Program, Employee Assistance Program (EAP), and childcare benefits.

Equal Employment Opportunity

Vantive is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability status, or any other legally protected characteristic.

Reasonable Accommodation

Vantive is committed to providing reasonable accommodations to individuals with disabilities. If you need an accommodation for any part of the application or interview process, please contact us with your request.

Recruitment Fraud Notice

Vantive has identified instances of employment scams where fraudulent parties pose as Vantive employees or recruiters. To learn how to protect yourself, review our Recruitment Fraud Notice.
