Baxter International Inc. is dedicated to redefining healthcare delivery and saving lives. They are seeking a Senior Principal Product Security Engineer to enhance the cybersecurity of their diagnostic cardiology products by driving secure design and collaborating with product development teams to embed security throughout the software lifecycle.
Responsibilities:
- Define and document the security architecture and cybersecurity posture of life-critical medical products
- Lead threat modeling, interface analysis, and secure design reviews across product lines
- Author product security whitepapers, technical documentation, and regulatory-facing materials
- Develop Manufacturer Disclosure Statements for Medical Devices (MDS²) and related artifacts
- Produce and interpret static code analysis and vulnerability assessment reports
- Partner with development teams on security requirements and policies
- Establish and drive governance around vulnerability management, from discovery through remediation
- Support incident response, investigation, and recovery efforts in collaboration with cross-functional teams
- Use industry-leading tools (e.g., Tenable Nessus, Fortify, Coverity) to identify, analyze, and mitigate risks
- Monitor and assess zero-day threats and emerging vulnerabilities
- Participate in security planning, project scoping, and delivery of security initiatives
- Evaluate third-party and off-the-shelf components to ensure secure use
Requirements:
- Bachelor's degree in Computer Science or a related technical field
- 8+ years of experience working within a secure software development life cycle (SSDLC)
- Strong understanding of application security across the full software life cycle
- Hands-on experience developing, reviewing, or enforcing secure coding practices
- Familiarity with handling PHI and PII in regulated environments
- Experience with threat modeling methodologies such as STRIDE, DREAD, LINDDUN, or PASTA
- Proven ability to perform security risk assessments and clearly communicate risk and business impact
- Experience analyzing, documenting, and remediating software and system vulnerabilities
- Expertise in designing secure networks, systems, and application architectures
- Familiarity with industry standards and guidance including IEC TR 80001, NIST 800-53, ISO/IEC 27001 & 27002