What are the responsibilities and job description for the Security Engineer position at Aventine software?
Job Details
Role: Security Engineer
Location: Burlingame CA (Day-1 Onsite)
Duration: 12 months
Experience range: 11 years
Visa: H1B and above
What you will be doing:
Collaborate with XFN teams, including software and hardware engineers, product managers, and medical device compliance, to design and implement secure solutions for medical devices.
Author cybersecurity management plans and other security deliverables required to support regulatory submissions (510(k), De Novo, CE, etc.) of RL medical device products.
Conduct security risk assessments and vulnerability testing to identify potential security threats and vulnerabilities in our products.
Develop and implement security controls, such as encryption, access controls, and secure communication protocols, to mitigate identified risks.
Work with the software and hardware development teams to ensure that security is integrated into the design, development, and HW/SW architecture for medical device products.
Provide security-focused guidance and training to other team members to ensure that security is a top priority across all medical device programs.
Work closely with 3rd party test labs to ensure that security testing and validation are executed and completed to support product timelines.
Serve as a primary point of contact between Medical Device XFN and other Security Teams.
Collaborate with the legal, SWE, program management, and medical device compliance teams to ensure that our products comply with relevant regulations and industry standards, such as HIPAA, FDA, and GDPR.
Participate in incident response and security incident management.
What we are looking for:
Should be hands-on with Open Web Application Security Project (OWASP) procedures
Hands-on with static code analyzer tools like Valgrind to trace buffer overflow, stack overflow, memory leaks, API testing
Hands-on with code reviews to identify potential issues
Fluent with code injection attacks: SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection
Identify risks during firmware update
Identify risks in cryptographic signatures
Able to guide on, and be hands-on with, toolchain hardening
Able to identify identity and access management attacks
Data collection, storage, privacy
Transport layer security
Threat modeling:
Identifying all assets in a system
Creating an architecture overview
Decomposing the system (or device)
Identifying threats
Documenting all the threats with their respective scenarios
Rating each threat by its likelihood as well as impact using a rating system