Salary
💰 $148,000 - $222,000 per year
About the role
- Lead creation, assessment, and delivery of secure CareLink applications, ensuring compliance with medical device software standards
- Review scope of changes (ESFs, Jira tickets, Dev discussions) for CareLink releases and attend cross-scrum technical calls
- Complete security assessments for CareLink releases and fill out detailed ESF write-ups as needed
- Review security write-ups with Product security team/ISAC and address comments
- Run periodic security scans each Sprint cycle and share results with development teams
- Perform static code analysis using Fortify and execute SCA/SOUP scans using tools like BlackDuck
- Review and update Threat Models and Cybersecurity Risk Assessment (CRA) reports; update security (CRM) reports per CareLink release
- Follow up on mitigations and security fixes for prior findings, including PenTest and SAST/SCA results
- Conduct ad-hoc testing to validate pen test findings and mitigations; use BurpSuite and Postman for testing
- Respond to third-party security questionnaires and maintain a SharePoint repository of assessments and questionnaires
- Coordinate with external penetration testing teams: provide environment readiness, API endpoints documentation, data flow, roles, and input parameters
- Support FedRAMP certification efforts by collecting and organizing required information and artifacts
Requirements
- Bachelor's degree with a minimum of 7 years of related experience OR Advanced degree with a minimum of 5 years of related experience
- Bachelor's degree in Engineering or Scientific discipline (nice to have)
- Master's degree in Engineering or Scientific discipline (nice to have)
- Strong organizational acumen with the ability to communicate effectively with non-technical audiences
- Deep expertise in software test methodologies, quality standards/metrics
- Experience with APIs and data platforms; familiarity with JSON and YAML data formats
- Experience in a regulated environment
- Proficiency in application security practices, threat modeling, and Cybersecurity Risk Assessment (CRA)
- Experience performing static code analysis (SAST) and software composition analysis (SCA)
- Experience with Fortify, BlackDuck, BurpSuite, and Postman
- Experience coordinating and validating external penetration testing
- Experience preparing security documentation and compliance artifacts (e.g., FedRAMP)
- Experience running periodic security scans and following up on mitigations and security fixes
- Ability to execute ad-hoc testing to validate pen test findings and mitigations