Sr Principal Product Security Engineer

This is where you save and sustain lives

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You’ll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.

Baxter’s products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.

Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.

Join us at the intersection of saving and sustaining lives— where your purpose accelerates our mission.

Your Role at Baxter

Join us as we revolutionize the treatment landscape and help improve patient lives worldwide.

Baxter plans to spin off our ~$5B Kidney Care segment into an independent, publicly traded company. The new standalone entity will leverage our nearly 70-year legacy in acute therapies and home and in-center dialysis to provide best-in-class care to the people we serve. With its own investment priorities and enhanced management focus, the company will be better positioned to pursue growth opportunities and invest in innovation. We will build on our leadership in the kidney care space, fueled by our steadfast focus on innovation, our passion for patients and their families and our expertise in operational excellence.

This is where you can make an impact.

What you will be doing: Work directly with embedded software developers in building a security by design mindset by defining implementations and coding inline with the Application Security Program mandates Implement embedded secure code solutions, design patterns, and coding guidelines that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures Support security project governance through scheduling activities, planning and prioritization Proactively drive security solutions implementation in-alignment with the development leads, security architects and product owner(s) Drive feature implementations in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary Review, Analyze and mitigate SAST, DAST, SCA and penetration test findings in collaboration with the developers for various electromechanical medical devices product lifecycles Review current software security control measures and implement security enhancements across multiple medical devices Participate in post-market product analysis to support vulnerability investigations as required as well as be engaged in continuous security monitoring

What you will bring: Experienced security developer able to interpret and guide software development teams on secure coding practices and application security test report interpretation for various coding languages and operating environments Strong knowledge of secure software development lifecycle and practices including SAFe/ Agile methodologies for software development Understanding of security by design principles and architecture level security concepts Sound understanding and experience in implementing security

technologies/techniques

such as, Cryptographic Algorithms/Cipher Suites, Public key Infrastructure (PKI), Hardware/embedded authentication protocols, Secure Boot, and data-at-rest encryption methods Experience implementing OWASP Top10 application security guidelines in embedded systems Knowledge of embedded system architecture and security controls (e.g., firewall and border router configurations, wireless communication architectures, messaging authentication protocols Experienced in generating, defining, and reviewing penetration test results through knowledge standard methodologies and tools including environmental configuration definition, security analysis, threat modeling, and system security audits Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities Exposure to international privacy requirements & cross-industry trends

Qualifications and Skills Bachelor's degree in Computer Science, Computer Engineering, a related field or equivalent demonstrated experience and knowledge Minimum 8+ years of experience in software development or related fields. Minimum 5 years technical experience working with product security design/development for embedded systems 3 years working with each of the following:

Experience with C/C++, Python, Linux and/or security design within real-time operating systems Experience analyzing, interpreting, and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests Embedded data at rest security implementations including Code Signing, Secure boot, and flash encryption implementations Embedded/IoT wired and wireless secure networking implementations within multiple layers of the OSI stack IoT/Embedded PKI solutions and implementation.

We understand compensation is an important factor as you consider the next step in your career. At Baxter, we are committed to equitable pay for all employees, and we strive to be more transparent with our pay practices. The estimated base salary for this position is $120,000 to $165,000 annually. The estimated range is meant to reflect an anticipated salary range for the position. We may pay more or less than of the anticipated range based upon market data and other factors, all of which are subject to change. Individual pay is based on upon location, skills and expertise, experience, and other relevant factors. This position may also be eligible for discretionary bonuses. For questions about this, our pay philosophy, and available benefits, please speak to the recruiter if you decide to apply and are selected for an interview.

The successful candidate for this job may be required to verify that he or she has been vaccinated against COVID-19, subject to reasonable accommodations for individuals with medical conditions or religious beliefs that prevent vaccination, and in accordance with applicable law.

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

EEO is the LawEEO is the law - Poster SupplementPay Transparency Policy

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice. 120375 #J-18808-Ljbffr