
Hologic Senior Security Architect in Marlborough, Massachusetts

Senior Security Architect

Marlborough, MA, United States


The Senior Security Architect partners with our product development and engineering divisions to enable them to build and enhance the security of Hologic’s products and services. The ideal candidate possesses strong security and systems experience and has worked with medical devices, digital platforms, cloud, mobile, and/or embedded/IoT device ecosystems. As a trusted technical partner, expert, and thought leader, this role will help shape the future of Hologic’s core product portfolio and digital transformation. The execution of your primary roles and responsibilities requires a high degree of self-motivation. You will apply a practical, risk-based approach while both leading and advising product teams in the security domains. This is a highly technical role, with approximately 80% of the time spent as architect/designer/advisor.

Responsibilities:

  • Establish best practices for the effective avoidance, identification, and resolution of security weaknesses in products, services, and related processes for Hologic products and services.

  • Engage with product teams as both advisor and contributing team member to enable building security into complex systems across the entire product lifecycle (from concept through deployment and use), including conducting security reviews and coordinating penetration testing.

  • Lead and partner with developers and testers in security activities during the product lifecycle, such as secure design reviews/threat modelling, security code reviews, security test planning, and component security hardening, to identify potential security weaknesses.

  • Innovate on technical solutions to solve security challenges in product architecture, implementation, testing, release, and operations.

  • Coordinate and guide the response to security vulnerabilities that are reported by 3rd party researchers or customers against released products and services.

  • Work closely with other security professionals in Information Security Team or other groups within Hologic to execute key functions such as secure code signing, secure manufacturing, and secure product operations.

  • Interact with development and manufacturing partners to enable security of product components in the supply chain.

  • Keep abreast of advances in secure system design and development practices, threats and threat actors, and new attack techniques or areas of security research, and provide guidance to the product organizations to help them avoid or mitigate future security concerns.

  • Contribute to the risk management process for product development.

  • Lead and partner on the product security program design, developing product security standards and processes, and defining appropriate program metrics (help drive maturity and adoption of the overall program).

  • Represent product security for the Information Security Team and connect it into the overall security framework and program.

  • Perform analysis and execute POCs (Proof of Concepts) or POFs (Proof of Feasibility) initiatives covering medical device security and advanced cryptography.

Required Skills:

  • Secure software / systems development lifecycle experience (e.g. Microsoft SDL, OpenSAMM, CMMI-Dev+Secure);

  • Demonstrable knowledge and experience in one or more of the following areas:

      • System security engineering

      • Embedded device security

      • Application or system hardening

      • Security testing / penetration testing

      • Mobile application security

      • Cloud security

      • Cryptography

      • Forensics or reverse engineering

  • Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP Top 10, CERT Secure Coding Standards.

  • Experience with cryptographic libraries (e.g. wolfSSL/OpenSSL)

  • Core knowledge of certificate-based authentication and PKI

  • Experience leading secure architecture, design, and code reviews.

  • Direct development experience in languages including C/C++ (x86 or ARM), Python, and Java; Go or Swift experience desirable.

  • Experience with CI/CD tools and practices

  • Experience in Waterfall, Agile, DevOps, and/or V-Model development methodologies

  • Experience with application security tools such as SonarQube, Fortify, or Clang preferred

  • Experience using CIS Security benchmarks or US DISA Security Technical Implementation Guides

  • Prior or current involvement in industry security initiatives such as IETF, OWASP, ISO, CWE, BSIMM, Cloud Security Alliance, or any open-source project related to security

  • Experience with Industrial or Consumer Internet of Things (IoT) products

  • Competence in resolving problems/conflicts in a diplomatic and tactful manner.

  • Experienced and comfortable making risk-based recommendations and judgments.

  • Must demonstrate high integrity and good judgement and maintain a sense of urgency;

  • Must be committed to excellence with a growth mindset and a keen focus on delivery;

  • Keeps an open mind and shows willingness to learn new methods, procedures, and techniques that embrace change

  • Extremely collaborative and team-oriented

  • Excellent verbal and written communication skills

  • Must be able to operate independently

  • Strong analytical, problem-solving, and critical thinking skills

Desired Skills:

  • Experience with scripting (PowerShell, Python)

  • Understanding of functional safety (FDA) and/or privacy requirements desirable

  • Teaching or technical consultation experience desirable

  • Familiar with NIST CSF, ISO27001, and other security standards

  • Experience in performing risk assessments

  • Experience in participating in IT Security audits and remediating findings

  • Familiarity with US FDA cybersecurity requirements desirable

Education/Experience:

  • Master’s degree or equivalent field experience

  • Certified Software Security Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP) certification, SANS GIAC Certified Incident Handler (GCIH), or SANS GIAC Certified Penetration Tester (GPEN) or equivalent certification

  • 8-10 years’ related experience.

  • Experience in medical device architecture a plus

Agency and Third Party Recruiter Notice: Agencies that submit a resume to Hologic must have a current Hologic Agency Agreement executed by a member of the Human Resource Department. In addition, agencies may only submit candidates to positions for which they have been invited to do so by a Hologic Recruiter. All resumes must be sent to the Hologic Recruiter under these terms or they will not be considered.

Hologic, Inc. is proud to be an Equal Opportunity Employer inclusive of disability and veterans.
