Cybersecurity Engineer

at Abbott Laboratories
Location Santa Clara, CA
Date Posted June 21, 2021
Category Default
Job Type Full-time

Description

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals, and branded generic medicines. Our 109,000 colleagues serve people in more than 160 countries.

About Abbott

The key to successful treatment and full recovery is often fast, accurate diagnosis. Abbott’s life-changing tests and diagnostic tools provide insights that enable smarter, faster decisions and transform the way the world is managing health.

Our pioneering technology spans the world of healthcare operations — with medical diagnostic instruments, tests, automation and informatics solutions for hospitals, reference labs, blood centers, emergency departments, physician offices and clinics.

Our location in Santa Clara, CA currently has an opportunity for a Cybersecurity Engineer.

WHAT YOU’LL DO

This position is responsible for the design, implementation, and maintenance of security principles and policies across the AlinIQ portfolio of cutting-edge medical and non-medical software and devices. The Cybersecurity Engineer will serve as a Subject Matter Expert (SME) for product research and development teams, working closely with software engineers, product management and development, and divisional and corporate information systems. Key performance indicators for this role include assessing and maintaining compliance to security policies and standards, timely provisioning of product security assessments, and support for auditing of our secure product lifecycle for the AlinIQ portfolio of products. The role requires the ability to work in an environment that is fast paced, to work independently, and to apply the latest security design and tooling strategies available.

  • The Cybersecurity Engineer reports into the AlinIQ Product Research and Development organization as part of a cybersecurity team. The Cybersecurity Engineer is responsible for design, implementation, and analysis ensuring safe and secure products that are compliant with division, corporate, and industry regulation and meet customer and patient security expectations.

  • Responsible for applying an interdisciplinary, collaborative approach to plan, design, develop validate and verify cyber solutions across the product life cycle for our portfolio of AlinIQ products

  • Responsible to develop, evaluate and analyze design constraints, trade-offs and detailed system and security design

  • Responsible to develop and test cybersecurity features and tools

  • Responsible to conduct cybersecurity test and evaluation of hardware and/or software designs to verify and validate compliance with defined specifications and requirements

  • Responsible for working within a collaborative, multi-discipline environment to produce secure deliverable products as part of an Agile team

  • Implement security testing in our CI/CD pipeline

  • Employ cybersecurity processes, methods, techniques and tools and assure their consistent application

  • Drive efficiency through standardization, automation, documentation, and cross-training

  • Analyze source code, test data, and security scan reports for vulnerabilities and develop/implement mitigations

  • Identify security design gaps in existing and proposed products and recommend changes or enhancements

  • Perform threat identification and mitigation activities using industry leading security controls and tools sets

  • Assist development teams on how to apply secure coding practices, properly scan and remediate their code

  • Maintain portfolio compliance with applicable Corporate and Divisional Policies and procedures

  • Build and maintain relationships necessary for the successful execution and sustainability of the product portfolio cybersecurity program

  • Stay abreast of changes in the business and product environment as well as the evolving regulatory and threat landscape

  • Ability to articulate technical discussions with internal and external stake holders / customers

  • Integrates Knowledge of technical standards with communication, leadership and business skills

  • Participates in establishing technology-specific vision and strategy

  • Participates in the development of Abbott Security policies as applicable to area of expertise

  • May require travel based on project needs

EDUCATION AND EXPERIENCE

Minimum Qualifications:

  • BA/BS Degree in Engineering, Computer Science, MIS, Telecommunications or related field.

  • 4 – 8 years IT experience with Fortune 500 company; 5+ years of experience in secure product development lifecycle engineering strongly desired

Preferred Qualifications:

  • Previous work experience in a product cybersecurity role is preferred

  • Strong understanding of product cybersecurity and the relationship between threat, vulnerability and potential customer risk in the context of risk management

  • Familiarity with design of diagnostic medical devices is a plus

  • Understanding of industry standards such as the NIST Cybersecurity Framework, FedRAMP, RMF, IMDRF, TIR-57 Principles for medical device security risk management, etc.

  • Demonstrated knowledge of container technology (such as Docker), database technology (such as MySQL, MS-SQL, or Postgresql) and development language (such as Java, JavaScript or Python)

  • Experience with secure configuration/hardening of systems

  • Knowledge of securing Kubernetes and Docker Containers

  • Knowledge of Oracle, Delphi and Windows (client server applications) a plus

  • ISC2 CCSP Certified Cloud Security Professional, ITIL Certification(s), or CCNA/P is desirable

  • Current AWS/Azure Certifications preferred, but not required

  • Certifications such as CISA, CISM, CRISC, CISSP, CPP, CFE or SANS are preferred

  • Experience in NIST Risk Management Framework and Software Assurance measures and practices preferred

  • Experience in cryptographic standards and methods and detailed knowledge of cryptographic key management preferred

  • Knowledge about the latest methodologies for product cybersecurity risk assessment and vulnerability management and technologies and tools used within the product security domain is desired

  • Experience in Atlassian suite – JIRA, Bitbucket and Confluence preferred

  • Must have strong interpersonal, analytical, problem solving and organizational skills, and the ability to independently work as a contributing member in a high-paced and focused team

  • Strong written and verbal communication and presentation skills

WHAT WE OFFER

At Abbott, you can have a good job that can grow into a great career. We offer:

  • Training and career development, with onboarding programs for new employees and tuition assistance

  • Financial security through competitive compensation, incentives and retirement plans

  • Health care and well-being programs including medical, dental, vision, wellness and occupational health programs

  • Paid time off

  • 401(k) retirement savings with a generous company match

  • The stability of a company with a record of strong financial performance and history of being actively involved in local communities

Learn more about our benefits that add real value to your life to help you live fully: http://www.abbottbenefits.com/pages/candidate.aspx

Follow your career aspirations to Abbott for diverse opportunities with a company that provides the growth and strength to build your future. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at www.abbott.com, on Facebook at www.facebook.com/Abbott and on Twitter @AbbottNews and @AbbottGlobal.

IT/SD/PROF2/8061/006