Baxter
Product Cyber Specialist
Baxter, Deerfield, Illinois, United States, 60063
This is where you save and sustain livesAt Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You'll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.Baxter's products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.Join us at the intersection of saving and sustaining lives- where your purpose accelerates our mission.Your Role:
Baxter Healthcare's mission is to save and sustain lives by delivering products and services that are the crucial building blocks of healthcare. Also meaningful to Baxter is ensuring the safety and security of its medical devices. Baxter is seeking a Medical Device Cybersecurity Engineer, whose main responsibility is to ensure the safety and security of the global corporation's medical devices, products, and applications. The candidate will perform powerful medical device cybersecurity pre-market threat analysis and risk assessment. The candidate will help ensure that cybersecurity is an integral component throughout the product development.The candidate must have an excellent combination of software development skills and knowledge in security principles to prioritize the functional/technical aspects of the solution, and then help the product teams to implement the implementation.This role will work with a team of engineers, architects, and analysts cross multiple organizations, supporting cybersecurity feature prototyping, threat analysis, and penetration test finding/vulnerability assessment.What You'll Be Doing:
Accountable for defining and implementing the Cybersecurity strategy across Digital solutions and technical services portfolio.Provide leadership, strategic mentorship and multi-functionally collaborate with GBUs to architect, design and develop the software security features for multiple products and platforms.Implement innovative security solutions for platforms and/or server platforms.Lead implementation of medical device cybersecurity functionalities that are part of an overall security architecture, including common security protocol stacks such as IPsec, TLS, OAuth, and SAML.Model cybersecurity threats using tools such as STRIDE, and assess risks using CVSS.Assess security findings from various sources. This includes Static Code Analysis and Penetration Testing.Identify known/unknown vulnerabilities associated with Baxter's medical devices and provide inputs/technical expertise to multiple teams to eliminate/mitigate identified cybersecurity risks.Develop security tools that help to collect cyber threat intelligence, supervise emerging vulnerabilities in software, and implement secure coding standards.Support medical device cybersecurity certification programs such as UL 2900.Perform internal security tests to validate security capabilities and compliance for medical devices.Work with internal or external resources to plan and implement Security Activities (like Penetration Testing) on various products.Maintain relationships with strategic partners in this space to ensure Baxter development process with respect to Cybersecurity, is industry leading, Top Quartile.Work with ministries of health, and certifying bodies to represent the company and devices in threat analysis, certification and notificationsWhat You'll Bring:
Bachelor's degree in Computer Science, Electrical Engineering, Software Engineering or related engineering discipline.Masters degree preferred.Experience in testing and implementing security controls for medical devices is strongly preferred.10+ years of experience in industry- healthcare, medical device preferred.Working knowledge in Operating Systems such as Linux.Knowledge of threat modeling tools like Microsoft Stride, malware analysis, digital forensicsKnowledge in modern software development process and DevOps tools such as Jenkins, Git and Gerrit.Some knowledge in cybersecurity standards such as NIST 800-53, ISO 27001, and FIPS 140-2 is preferred..Experience or strong interest in IoT (Internet of Things) device development, especially in embedded platform security, device communication protocols, and cryptographic functions.We understand compensation is an important factor as you consider the next step in your career. At Baxter, we are committed to equitable pay for all employees, and we strive to be more transparent with our pay practices. The estimated base salary for this position is $120,000.00 to $165,000.00 annually. The estimated range is meant to reflect an anticipated salary range for the position. We may pay more or less than of the anticipated range based upon market data and other factors, all of which are subject to change. Individual pay is based on upon location, skills and expertise, experience, and other relevant factors. For questions about this, our pay philosophy, and available benefits, please speak to the recruiter if you decide to apply and are selected for an interview.Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.Equal Employment OpportunityBaxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
EEO is the LawEEO is the law - Poster SupplementPay Transparency PolicyReasonable Accommodations
Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.Recruitment Fraud Notice
Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.146572
Baxter Healthcare's mission is to save and sustain lives by delivering products and services that are the crucial building blocks of healthcare. Also meaningful to Baxter is ensuring the safety and security of its medical devices. Baxter is seeking a Medical Device Cybersecurity Engineer, whose main responsibility is to ensure the safety and security of the global corporation's medical devices, products, and applications. The candidate will perform powerful medical device cybersecurity pre-market threat analysis and risk assessment. The candidate will help ensure that cybersecurity is an integral component throughout the product development.The candidate must have an excellent combination of software development skills and knowledge in security principles to prioritize the functional/technical aspects of the solution, and then help the product teams to implement the implementation.This role will work with a team of engineers, architects, and analysts cross multiple organizations, supporting cybersecurity feature prototyping, threat analysis, and penetration test finding/vulnerability assessment.What You'll Be Doing:
Accountable for defining and implementing the Cybersecurity strategy across Digital solutions and technical services portfolio.Provide leadership, strategic mentorship and multi-functionally collaborate with GBUs to architect, design and develop the software security features for multiple products and platforms.Implement innovative security solutions for platforms and/or server platforms.Lead implementation of medical device cybersecurity functionalities that are part of an overall security architecture, including common security protocol stacks such as IPsec, TLS, OAuth, and SAML.Model cybersecurity threats using tools such as STRIDE, and assess risks using CVSS.Assess security findings from various sources. This includes Static Code Analysis and Penetration Testing.Identify known/unknown vulnerabilities associated with Baxter's medical devices and provide inputs/technical expertise to multiple teams to eliminate/mitigate identified cybersecurity risks.Develop security tools that help to collect cyber threat intelligence, supervise emerging vulnerabilities in software, and implement secure coding standards.Support medical device cybersecurity certification programs such as UL 2900.Perform internal security tests to validate security capabilities and compliance for medical devices.Work with internal or external resources to plan and implement Security Activities (like Penetration Testing) on various products.Maintain relationships with strategic partners in this space to ensure Baxter development process with respect to Cybersecurity, is industry leading, Top Quartile.Work with ministries of health, and certifying bodies to represent the company and devices in threat analysis, certification and notificationsWhat You'll Bring:
Bachelor's degree in Computer Science, Electrical Engineering, Software Engineering or related engineering discipline.Masters degree preferred.Experience in testing and implementing security controls for medical devices is strongly preferred.10+ years of experience in industry- healthcare, medical device preferred.Working knowledge in Operating Systems such as Linux.Knowledge of threat modeling tools like Microsoft Stride, malware analysis, digital forensicsKnowledge in modern software development process and DevOps tools such as Jenkins, Git and Gerrit.Some knowledge in cybersecurity standards such as NIST 800-53, ISO 27001, and FIPS 140-2 is preferred..Experience or strong interest in IoT (Internet of Things) device development, especially in embedded platform security, device communication protocols, and cryptographic functions.We understand compensation is an important factor as you consider the next step in your career. At Baxter, we are committed to equitable pay for all employees, and we strive to be more transparent with our pay practices. The estimated base salary for this position is $120,000.00 to $165,000.00 annually. The estimated range is meant to reflect an anticipated salary range for the position. We may pay more or less than of the anticipated range based upon market data and other factors, all of which are subject to change. Individual pay is based on upon location, skills and expertise, experience, and other relevant factors. For questions about this, our pay philosophy, and available benefits, please speak to the recruiter if you decide to apply and are selected for an interview.Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.Equal Employment OpportunityBaxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
EEO is the LawEEO is the law - Poster SupplementPay Transparency PolicyReasonable Accommodations
Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.Recruitment Fraud Notice
Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.146572