Hologic Senior Security Architect in Marlborough, Massachusetts
Senior Security Architect
Marlborough, MA, United States
The Senior Security Architect partners with our product development and engineering divisions to enable them to build and enhance the security of Hologic’s products and services. The ideal candidate possesses strong security and systems experience and has worked with medical devices, digital platforms, cloud, mobile, and/or embedded/IoT device ecosystems. As a trusted technical partner, expert, and thought leader, this role will help shape the future of Hologic’s core product portfolio and digital transformation. The execution of your primary roles and responsibilities requires a high degree of self-motivation. You will apply a practical, risk-based approach while both leading and advising product teams in the security domains. This is a highly technical role, with approximately 80% of the time spent as architect/designer/advisor.
Establish best practices for the effective avoidance, identification, and resolution of security weaknesses in products, services, and related processes for Hologic products and services.
Engage with product teams as both advisor and contributing team member to enable building security into complex systems across the entire product lifecycle (from concept through deployment and use), including conducting security reviews and coordinating penetration testing.
Lead and partner with developers and testers in security activities during the product lifecycle, such as secure design reviews/threat modelling, security code reviews, security test planning, and component security hardening, to identify potential security weaknesses.
Innovate on technical solutions to solve security challenges in product architecture, implementation, testing, release, and operations.
Coordinate and guide the response to security vulnerabilities that are reported by 3rd party researchers or customers against released products and services.
Work closely with other security professionals in the Information Security Team or other groups within Hologic to execute key functions such as secure code signing, secure manufacturing, and secure product operations.
Interact with development and manufacturing partners to enable security of product components in the supply chain.
Keep abreast of advances in secure system design and development practices, threats and threat actors, and new attack techniques or areas of security research, and provide guidance to the product organizations to help them avoid or mitigate future security concerns.
Contribute to the risk management process for product development.
Lead and partner on the product security program design, developing product security standards and processes, and defining appropriate program metrics (help drive maturity and adoption of the overall program).
Represent product security for the Information Security Team and connect it into the overall security framework and program.
Perform analysis and execute POCs (Proof of Concepts) or POFs (Proof of Feasibility) initiatives covering medical device security and advanced cryptography.
Secure software / systems development lifecycle experience (e.g. Microsoft SDL, OpenSAMM, CMMI-Dev+Secure)
Demonstrable knowledge and experience in one or more of the following areas:
System security engineering
Embedded device security
Application or system hardening
Security Testing / Penetration Testing
Mobile application security
Forensics or reverse engineering
Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP Top 10, CERT Secure Coding Standards.
Experience with cryptographic libraries (e.g. wolfSSL/OpenSSL)
Core knowledge of Certificate Based Authentication & PKI
Experience leading secure architecture, design, and code reviews.
Direct development experience in languages including C/C++ (x86 or ARM), Python, and Java; Go or Swift experience desirable.
Experience with CI/CD tools and practices
Experience in Waterfall, Agile, DevOps, and/or V-Model development methodologies
Experience with application security tools such as SonarQube, Fortify, or Clang preferred
Experience using CIS Security benchmarks or US DISA Security Technical Implementation Guides
Prior or current involvement in industry security initiatives such as IETF, OWASP, ISO, CWE, BSIMM, Cloud Security Alliance, or any open-source project related to security
Experience with Industrial or Consumer Internet of Things (IoT) products
Competence in resolving problems/conflicts in a diplomatic and tactful manner.
Experienced and comfortable making risk-based recommendations and judgments.
Must demonstrate high integrity and good judgement and maintain a sense of urgency
Must be committed to excellence with a growth mindset and a keen focus on delivery
Keeps an open mind and shows willingness to learn new methods, procedures, and techniques that embrace change
Extremely collaborative and team oriented
Excellent verbal and written communication skills
Must be able to operate independently
Strong analytical, problem-solving, and critical thinking skills
Experience with scripting (PowerShell, Python)
Understanding of functional safety (FDA) and/or privacy requirements desirable
Teaching or technical consultation experience desirable
Familiar with NIST CSF, ISO27001, and other security standards
Experience in performing risk assessments
Experience in participating in IT Security audits and remediating findings
Familiarity with US FDA cybersecurity requirements desirable
Master’s degree or equivalent field experience
Certified Software Security Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP) certification, SANS GIAC Certified Incident Handler (GCIH), or SANS GIAC Certified Penetration Tester (GPEN) or equivalent certification
8-10 years’ related experience.
Experience in medical device architecture a plus
Agency and Third Party Recruiter Notice: Agencies that submit a resume to Hologic must have a current Hologic Agency Agreement executed by a member of the Human Resources Department. In addition, agencies may only submit candidates to positions for which they have been invited to do so by a Hologic Recruiter. All resumes must be sent to the Hologic Recruiter under these terms or they will not be considered.
Hologic, Inc. is proud to be an Equal Opportunity Employer inclusive of disability and veterans.