IT Security Engineer

ResMed

(San Diego, California)
Full Time
Job Posting Details
About ResMed
The global team at ResMed (NYSE:RMD) is united in the commitment to change millions of lives with every breath. With more than 4,000 employees and a presence in over 100 countries, the company has been pioneering new and innovative devices and treatments for sleep-disordered breathing, chronic obstructive pulmonary disease, and other chronic diseases for more than 25 years. ResMed's world-leading products and innovative solutions improve the quality of life for millions of patients worldwide, r
Summary
The Security Engineer's primary role is to work with the security team to assure the integrity and security of all ResMed information and computing infrastructure. Duties include evaluating and overseeing data security risks; developing security measures that safeguard information across all company business units against accidental or unauthorized modification, destruction, or disclosure, and against inappropriate access to ResMed systems and data; and creating and overseeing application security standards and practices. This function will manage the many facets of security technology, including application security, emerging threats and mitigation tools, security for strategic projects, security operations support and management of technical staff, as appropriate.
Responsibilities
IT Security Leadership
* Perform the SME role for Application Security: identify application security gaps and best practices, and coordinate with teams to raise the level of application security skills, process, review and reporting.
* Participate in risk identification, management and resolution, and recommend IT security risk avoidance strategies, risk mitigation actions and controls.
* Act as the primary coordination point for application-related security incidents, including tracking security-related incidents from notification to resolution.

Technical Evaluations
* Evaluate the current and desired state of application security and define a gap remediation plan based on current and anticipated risk and other factors.
* Perform application vulnerability analysis and management actions (perform and support vulnerability identification, and support remediation efforts) for current, pending and future solutions and processes.
* Conduct security threat and impact assessments as input into the Global IT Security technology program and strategy.
* Conduct, or provide input for, security risk assessments as required for projects undertaken by ResMed (this may not be limited to internal or IT assessments).
* Provide technical expertise and guide the administration of security tools that control and monitor information security.

Establishment of IT Security Standards, Policies and Processes
* Develop and implement secure software design procedures (SDLC), e.g. the CERT Secure Coding Initiative, the Web Application Consortium, NIST 80-64, and the OWASP Secure Coding Practices.
* Develop, maintain, publish and communicate enterprise-wide security policies, procedures, standards and guidelines.
* Design, implement, and maintain security-related processes and procedures as they relate to both technical and business considerations.
* Assist with the development and maintenance of the Information Security & Compliance testing framework and standards for documentation, metrics, and reporting.
* Suggest areas where existing security architecture requires change or development.

Security Awareness / Education
* Build and support implementation of an application security training program.
* Assist with the development of non-application security educational programs, conducting awareness seminars and workshops as appropriate.
* Train information owners in the implementation of necessary computer security controls for new or upgraded security software and devices.
* Undertake appropriate training to maintain and advance security knowledge.

Reporting
* Track progress of the security program in areas of responsibility such as application security, vulnerability management and incident response performance.
* Generate IT security status reporting and metrics on a periodic basis.
* Coordinate the generation of IT global and regional monthly and quarterly board reports.
* Generate documentation and reporting as required (e.g. significant trends and vulnerabilities).

Support
* Provide technical expertise and guide the administration and quality assurance of security tools that control and monitor information security.
* Consult with IT technical services staff to evaluate, select, install, and configure hardware and software systems that provide appropriate security functions.
* Review new development projects for security risks and provide guidance on mitigating those risks.
* Provide IT Security support in case of security incidents.
* Participate in Incident Response planning and testing.
Ideal Candidate
* Experience as an application developer with an emphasis on secure coding; programming languages to include Java, .NET, Python, C and C++.
* Extensive experience supporting global information security in a complex, decentralized IT organization, focusing on protection of intellectual property and sensitive information.
* Hands-on experience with secure coding practices: input/output validation (using constrain, reject or sanitize), auditing (NIST 800-53), memory segmentation, error handling, separation of duties, securing source code, data classification, account authentication and authorization.
* Proven experience with static code review tools (AppScan, Veracode, etc.).
* Strong knowledge of encryption selection and management, for data in motion or at rest.
* Strong knowledge of vulnerabilities including: XSS (cross-site scripting), SQLi, clickjacking, and cross-site request forgery attacks.
* A degree in an IT or auditing discipline, or an equivalent combination of education and experience that provides the required knowledge and skills.
* Five to ten years of work experience supporting information technology and security.
* A positive "can do" attitude.
* Team player that takes the initiative to make an impact.
* Effective and strong communication and writing skills.
* Security certification: CISSP, CISM, CEH, Security+, Linux+, MCSE, CCNA, SSCP or equivalent.
* Operational knowledge of:
  * Security Incident and Event Management (SIEM)
  * Intrusion detection system (IDS) monitoring
  * Computer security standard best practices
  * Vulnerability assessment, scanning and tools
  * Techniques for analyzing TCP/IP network traffic and event logs
* In-depth knowledge and working experience with operating systems such as Microsoft Windows (e.g. Windows 8/7/2012/2008) and Linux (e.g. RedHat).
* Ability to analyse and interpret Windows and network device logs.
* Computer / application access controls.
* Penetration testing activities (including network security and black-box testing).
* Risk assessment experience.
* Working knowledge of ISO27001, ISO27002, ISO9001, Sarbanes-Oxley, HIPAA, FDA Quality System Regulation, 21 CFR Part 11, 21 CFR Part 820.
* Strong knowledge of network and Web application exploitation, ethical hacking, penetration testing, computer forensics, and tool development.
