Product Security Engineer

Company	Hologic
Location	Marlborough, MA, USA, Newark, DE, USA, Santa Clara, CA, USA
Salary	$86900 – $139400
Type	Full-Time
Degrees	Bachelor’s, Master’s
Experience Level	Junior, Mid Level

Master’s or Bachelor’s degree in Computer Science, Management Information Science, Engineering, or a related technical field.
2+ years of relevant experience in computer and network security, cloud base platform experience, computer networking administration, Microsoft Windows and Linux operating systems, software application testing and maintenance, and cybersecurity risk assessment.
Knowledge of the secure development lifecycle and experience in a development environment.
Expertise in application secure design and code reviews, with an understanding of Secure Coding standards and common vulnerabilities (e.g., OWASP Top 10, CWEs).
Proficiency in scripting and simple application development (e.g., PowerShell, Python, C# , C++).
Experience with industry-standard security tools (SAST, SCA, DAST, vulnerability scanning).
Expertise in Threat Modeling (STRIDE method preferred).
Penetration Testing experience (direct or supportive).
Experience securing development and cloud environments (Azure preferred) and the DevSecOps (CI/CD) pipeline.
Strong communication skills, both verbal and written.

Drive a Secure by Design culture across product teams, ensuring adherence to security standards and best practices.
Participate in the continuous improvement of our Secure by Design policies and procedures, aligning products with the latest security requirements and regulatory standards.
Support the creation and maintenance of security design documentation and architecture diagrams.
Conduct and document ongoing security assessments, including Threat Modeling, for Hologic products and remote connectivity solutions, providing support to product teams as needed.
Perform Security Risk Management activities to address identified vulnerabilities and security design issues.
Create and maintain security controls and requirements while actively participating in design discussions and activities.
Assist in product development efforts, including Security Code Reviews, to ensure compliance with Secure by Design principles and the implementation of appropriate security controls.
Support the automation of security testing and reporting, manage security tooling, and secure our cloud environments.
Oversee ongoing security monitoring of in-market products and connected health solutions, participating in incident response investigations as necessary.
Educate sales and service teams on securing our products, connected health solutions, and their operating environments.

Experience with medical information system administration and familiarity with medical device security standards and regulations (e.g., FDA Premarket Cybersecurity Guidance, IEC 81001-5-1, AAMI TIR57, AAMI SW96).
Experience in software development and verification within a regulated industry.
Experience providing technical support to field service teams and/or end-users.
Security-related certifications (e.g., CISSP), OS (Windows, Linux), and networking (Cisco) certifications are strongly preferred.
Experience obtaining and maintaining Department of Defense (DoD) Authority to Operate (ATO) certifications.