Baxter International Inc. is committed to redefining healthcare delivery to make a greater impact on lives. Baxter is seeking a Sr. Principal Product Security Engineer to strengthen the cybersecurity of its diagnostic cardiology products and to ensure that the technology in these life-critical medical devices is designed, built, and maintained securely.
Responsibilities:
- Define and document the security architecture and cybersecurity posture of life‑critical medical products
- Lead threat modeling, interface analysis, and secure design reviews across product lines
- Author product security whitepapers, technical documentation, and regulatory‑facing materials
- Develop Manufacturer Disclosure Statements for Medical Devices (MDS²) and related artifacts
- Produce and interpret static code analysis and vulnerability assessment reports
- Partner with development teams on security requirements and policies
- Establish and drive governance around vulnerability management, from discovery through remediation
- Support incident response, investigation, and recovery efforts in collaboration with cross‑functional teams
- Use industry‑leading tools (e.g., Tenable Nessus, Fortify, Coverity) to identify, analyze, and mitigate risks
- Monitor and assess zero‑day threats and emerging vulnerabilities
- Participate in security planning, project scoping, and delivery of security initiatives
- Evaluate third‑party and off‑the‑shelf components to ensure secure use
Requirements:
- Bachelor's degree in Computer Science or a related technical field
- 8+ years of experience working within a secure software development life cycle (SSDLC)
- Strong understanding of application security across the full software life cycle
- Hands‑on experience developing, reviewing, or enforcing secure coding practices
- Familiarity with handling PHI and PII in regulated environments
- Experience with threat modeling methodologies such as STRIDE, DREAD, LINDDUN, or PASTA
- Proven ability to perform security risk assessments and clearly communicate risk and business impact
- Experience analyzing, documenting, and remediating software and system vulnerabilities
- Expertise in designing secure networks, systems, and application architectures
- Familiarity with industry standards and guidance including IEC 80001 (and the IEC TR 80001-2 series), NIST SP 800-53, and ISO/IEC 27001 & 27002