Cyber Crime
Senior Product Security Engineer @ Olympus Corporation of the Americas
Cyber Crime, Brooklyn Park, Minnesota, United States,
Olympus Corporation of the Americas
Making people’s lives healthier, safer, and more fulfilling is our ultimate purpose. Being True to Life means creating new solutions, making a positive impact on society, and enhancing the way people live. Working Location: MINNESOTA, BROOKLYN PARKWorkplace Flexibility: HybridFor more than 100 years, Olympus has focused on making people’s lives healthier, safer and more fulfilling.Every day, we live by our philosophy, True to Life, by advancing medical technologies and elevating the standard of patient care so people everywhere can fulfill their desires, dreams, and lives.Our five Core Values empower us to achieve Our Purpose: Patient Focus, Integrity, Innovation, Impact and Empathy.Job Description
The Olympus Digital Unit is developing new software-based products that will require the management of security risks. The Senior Product Security Engineer within the Digital Unit will assist with executing the security risk management process over the lifecycle of cloud-based products including security risk analysis (inclusive of threat modeling), security risk evaluation, and security risk control. This role will also support the assessment and mitigation of security vulnerabilities in legacy products.Job Duties
Performs tasks associated with security risk management for the Olympus Digital Unit.Develops threat models for medical device systems whose functionality is supported by Google Cloud Platform, Azure, or AWS.Develops security risk management and threat modeling documentation as required by the Olympus Quality Management System.Supports the assessment and mitigation of security vulnerabilities in legacy products.Supports product authorization and certification activities including ISO 27001, SOC 2, HITRUST, and FedRAMP.Collaborates with teams in quality, regulatory, and legal to enhance processes, procedures, and work instructions associated with security risk management and threat modeling.Ensures compliance with regulatory requirements, industry standards, and internal policies governing product security.Stays informed about new tools, regulations, standards, and best practices of the industry.Job Qualifications
Required:Bachelor's degree in Computer Science, Engineering, information technology, cybersecurity, or related area required, or minimum of 5 years’ experience in a relevant industry.Minimum of 2 years’ experience working as a Software Security Engineer or Systems Engineering professional.Experience with embedded technology and software security.Experience in using a Secure Product Development Framework (SPDF) within an agile environment.Experience with security techniques and standards for authentication, authorization, and cryptography (symmetric and asymmetric).Recent experience with threat modelling of cloud-based systems (SaaS, IaaS, or PaaS) using STRIDE or other industry-recognized methods to identify threat events and vulnerabilities.Extensive experience with the development of data flow diagrams (DFDs) for cloud-based systems including identification of external/internal entities, processes, data stores, data flows, and trust boundaries.Experienced user of standards, technical reports, and plans for medical device security including AAMI TIR57, AAMI TIR97, ANSI/AAMI SW96, IEC 81001-5-1, and the Medical Device and Health IT Joint Security Plan.Experience with applying CVSS 3.1 and CVSS 4.0 for vulnerability prioritization.Experience with supporting coordinated vulnerability disclosure in a regulated industry.Knowledge of government and sector-agnostic publications for security risk management including NIST SP 800-39, NIST SP 800-30, NIST SP 800-53, and ISO 27005.Experience of vulnerability handling and disclosure standards such as ISO/IEC 30111 and ISO/IEC 29147, respectively.Knowledge of requirements specified by IEC 62304 and ISO 14971 for medical device software life-cycle processes and medical device risk management, respectively.Knowledge of medical device cybersecurity guidance published by the U.S. Food & Drug Administration, EU Medical Device Coordination Group, Health Canada, Therapeutic Goods Administration (Australia), and the International Medical Device Regulators Forum (IMDRF).Excellent analytical and troubleshooting skills.Ability to work both independently and in a team environment.Excellent communication skills, oral and written.Able to work in a multi-discipline collaborative environment to include international colleagues and Olympus partners.Preferred:Systems engineering background preferred.Certifications (preferred): CISSP, CSSP, CRISC, CompTIA Security+We offer a holistic employee experience supporting personal and professional well-being through meaningful work, equitable offerings, and a connected culture.Equitable Offerings you can count on:Competitive salaries, annual bonus and 401(k)* with company match24/7 Employee Assistance ProgramFree live and on-demand Wellbeing ProgramsGenerous Paid Vacation and Sick TimePaid Parental Leave and Adoption Assistance*12 Paid HolidaysOn-Site Child Daycare, Café, Fitness Center**Connected Culture you can embrace:Work-life integrated culture that supports an employee centric mindsetOffers onsite, hybrid and field work environmentsPaid volunteering and charitable donation/match programsDiversity Equity & Inclusion Initiatives including Employee Resource GroupsDedicated Training Resources and Learning & Development ProgramsAt Olympus, we are committed to Our Purpose of making people’s lives healthier, safer and more fulfilling. As a global medical technology company, we partner with healthcare professionals to provide best-in-class solutions and services for early detection, diagnosis and minimally invasive treatment, aiming to improve patient outcomes by elevating the standard of care in targeted disease states.For more than 100 years, Olympus has pursued a goal of contributing to society by producing products designed with the purpose of delivering optimal outcomes for its customers around the world.Headquartered in Tokyo, Japan, Olympus employs more than 31,000 employees worldwide in nearly 40 countries and regions. Olympus Corporation of the Americas, a wholly owned subsidiary of Olympus Corporation, is headquartered in Center Valley, Pennsylvania, USA, and employs more than 5,200 employees throughout locations in North and South America. For more information, visit www.olympusamerica.com.Olympus is dedicated to building a diverse, inclusive and authentic workplace. We recognize diversity in people, views and lifestyle choices and emphasize the importance of inclusion and mutual respect. We strive to continue to foster empathy and unity in the workplace so that our employees can fully contribute and thrive.Let’s realize your potential, together.It is the policy of Olympus to extend equal employment and advancement opportunity to all applicants and employees without regard to race, color, national origin (including language use restrictions), citizenship status, religious creed (including dress and grooming practices), age, sex (including pregnancy, childbirth, breastfeeding, medical conditions related to pregnancy, childbirth and/or breastfeeding), gender, gender identity and expression, sexual orientation, marital status, disability (physical or mental) and/or a medical condition, genetic information, ancestry, veteran status or service in the uniformed services, and any other characteristic protected by applicable federal, state or local law.Applicants with Disabilities:As a Federal Contractor, Olympus is committed to ensuring our hiring process is accessible to everyone. If you need an accommodation in order to complete the application or hiring process, please contact Olympus via email at OCAAccommodations@olympus.com. If your disability impairs your ability to email, you may call our HR Compliance Manager at 1-888-Olympus (1-888-659-6787).Posting Notes: || United States (US) || Minnesota (US-MN) || Brooklyn Park || Research and Development
#J-18808-Ljbffr
Making people’s lives healthier, safer, and more fulfilling is our ultimate purpose. Being True to Life means creating new solutions, making a positive impact on society, and enhancing the way people live. Working Location: MINNESOTA, BROOKLYN PARKWorkplace Flexibility: HybridFor more than 100 years, Olympus has focused on making people’s lives healthier, safer and more fulfilling.Every day, we live by our philosophy, True to Life, by advancing medical technologies and elevating the standard of patient care so people everywhere can fulfill their desires, dreams, and lives.Our five Core Values empower us to achieve Our Purpose: Patient Focus, Integrity, Innovation, Impact and Empathy.Job Description
The Olympus Digital Unit is developing new software-based products that will require the management of security risks. The Senior Product Security Engineer within the Digital Unit will assist with executing the security risk management process over the lifecycle of cloud-based products including security risk analysis (inclusive of threat modeling), security risk evaluation, and security risk control. This role will also support the assessment and mitigation of security vulnerabilities in legacy products.Job Duties
Performs tasks associated with security risk management for the Olympus Digital Unit.Develops threat models for medical device systems whose functionality is supported by Google Cloud Platform, Azure, or AWS.Develops security risk management and threat modeling documentation as required by the Olympus Quality Management System.Supports the assessment and mitigation of security vulnerabilities in legacy products.Supports product authorization and certification activities including ISO 27001, SOC 2, HITRUST, and FedRAMP.Collaborates with teams in quality, regulatory, and legal to enhance processes, procedures, and work instructions associated with security risk management and threat modeling.Ensures compliance with regulatory requirements, industry standards, and internal policies governing product security.Stays informed about new tools, regulations, standards, and best practices of the industry.Job Qualifications
Required:Bachelor's degree in Computer Science, Engineering, information technology, cybersecurity, or related area required, or minimum of 5 years’ experience in a relevant industry.Minimum of 2 years’ experience working as a Software Security Engineer or Systems Engineering professional.Experience with embedded technology and software security.Experience in using a Secure Product Development Framework (SPDF) within an agile environment.Experience with security techniques and standards for authentication, authorization, and cryptography (symmetric and asymmetric).Recent experience with threat modelling of cloud-based systems (SaaS, IaaS, or PaaS) using STRIDE or other industry-recognized methods to identify threat events and vulnerabilities.Extensive experience with the development of data flow diagrams (DFDs) for cloud-based systems including identification of external/internal entities, processes, data stores, data flows, and trust boundaries.Experienced user of standards, technical reports, and plans for medical device security including AAMI TIR57, AAMI TIR97, ANSI/AAMI SW96, IEC 81001-5-1, and the Medical Device and Health IT Joint Security Plan.Experience with applying CVSS 3.1 and CVSS 4.0 for vulnerability prioritization.Experience with supporting coordinated vulnerability disclosure in a regulated industry.Knowledge of government and sector-agnostic publications for security risk management including NIST SP 800-39, NIST SP 800-30, NIST SP 800-53, and ISO 27005.Experience of vulnerability handling and disclosure standards such as ISO/IEC 30111 and ISO/IEC 29147, respectively.Knowledge of requirements specified by IEC 62304 and ISO 14971 for medical device software life-cycle processes and medical device risk management, respectively.Knowledge of medical device cybersecurity guidance published by the U.S. Food & Drug Administration, EU Medical Device Coordination Group, Health Canada, Therapeutic Goods Administration (Australia), and the International Medical Device Regulators Forum (IMDRF).Excellent analytical and troubleshooting skills.Ability to work both independently and in a team environment.Excellent communication skills, oral and written.Able to work in a multi-discipline collaborative environment to include international colleagues and Olympus partners.Preferred:Systems engineering background preferred.Certifications (preferred): CISSP, CSSP, CRISC, CompTIA Security+We offer a holistic employee experience supporting personal and professional well-being through meaningful work, equitable offerings, and a connected culture.Equitable Offerings you can count on:Competitive salaries, annual bonus and 401(k)* with company match24/7 Employee Assistance ProgramFree live and on-demand Wellbeing ProgramsGenerous Paid Vacation and Sick TimePaid Parental Leave and Adoption Assistance*12 Paid HolidaysOn-Site Child Daycare, Café, Fitness Center**Connected Culture you can embrace:Work-life integrated culture that supports an employee centric mindsetOffers onsite, hybrid and field work environmentsPaid volunteering and charitable donation/match programsDiversity Equity & Inclusion Initiatives including Employee Resource GroupsDedicated Training Resources and Learning & Development ProgramsAt Olympus, we are committed to Our Purpose of making people’s lives healthier, safer and more fulfilling. As a global medical technology company, we partner with healthcare professionals to provide best-in-class solutions and services for early detection, diagnosis and minimally invasive treatment, aiming to improve patient outcomes by elevating the standard of care in targeted disease states.For more than 100 years, Olympus has pursued a goal of contributing to society by producing products designed with the purpose of delivering optimal outcomes for its customers around the world.Headquartered in Tokyo, Japan, Olympus employs more than 31,000 employees worldwide in nearly 40 countries and regions. Olympus Corporation of the Americas, a wholly owned subsidiary of Olympus Corporation, is headquartered in Center Valley, Pennsylvania, USA, and employs more than 5,200 employees throughout locations in North and South America. For more information, visit www.olympusamerica.com.Olympus is dedicated to building a diverse, inclusive and authentic workplace. We recognize diversity in people, views and lifestyle choices and emphasize the importance of inclusion and mutual respect. We strive to continue to foster empathy and unity in the workplace so that our employees can fully contribute and thrive.Let’s realize your potential, together.It is the policy of Olympus to extend equal employment and advancement opportunity to all applicants and employees without regard to race, color, national origin (including language use restrictions), citizenship status, religious creed (including dress and grooming practices), age, sex (including pregnancy, childbirth, breastfeeding, medical conditions related to pregnancy, childbirth and/or breastfeeding), gender, gender identity and expression, sexual orientation, marital status, disability (physical or mental) and/or a medical condition, genetic information, ancestry, veteran status or service in the uniformed services, and any other characteristic protected by applicable federal, state or local law.Applicants with Disabilities:As a Federal Contractor, Olympus is committed to ensuring our hiring process is accessible to everyone. If you need an accommodation in order to complete the application or hiring process, please contact Olympus via email at OCAAccommodations@olympus.com. If your disability impairs your ability to email, you may call our HR Compliance Manager at 1-888-Olympus (1-888-659-6787).Posting Notes: || United States (US) || Minnesota (US-MN) || Brooklyn Park || Research and Development
#J-18808-Ljbffr