Sr Principal Eng, Cybersecurity

This is where your work makes a difference.

At Baxter, we believe every person—regardless of who they are or where they are from—deserves a chance to live a healthy life. It was our founding belief in 1931 and continues to be our guiding principle. We are redefining healthcare delivery to make a greater impact today, tomorrow, and beyond.

Our Baxter colleagues are united by our Mission to Save and Sustain Lives. Together, our community is driven by a culture of courage, trust, and collaboration. Every individual is empowered to take ownership and make a meaningful impact. We strive for efficient and effective operations, and we hold each other accountable for delivering exceptional results.

Here, you will find more than just a job—you will find purpose and pride. 

Your Role at Baxter

This is where your work saves lives

A Sr Principal Engineer, Cybersecurity will be responsible for development of products and providing creative solutions associated with the design, development, and sustaining engineering for our new and existing product portfolio. The successful candidate will possess proven “hands-on” technical abilities, an excitement and energy for product development, and a passion for their work and the impact it has on meeting the needs of patients.

What you'll be doing!

• Work directly with software developers in building a “security by design” mindset by defining implementations and coding in line with the Application Security Program mandates.
• Implement embedded/cloud secure code solutions, design patterns, and coding guidelines that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures.
• Support security project governance through scheduling activities, planning and prioritization.
• Proactively drive security solutions implementation in-alignment with the development leads, security architects and product owner(s).
• Drive feature implementations in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities or equivalent experience as necessary.
• Review, analyze and mitigate SAST, DAST, SCA and penetration test findings in collaboration with the developers for various electromechanical medical devices product lifecycles.
• Review current software security control measures and implement security enhancements across multiple medical devices.
• Participate in post-market product analysis to support vulnerability investigations as required as well as be engaged in continuous security monitoring.

What You'Ll Bring!

• Bachelor’s degree in computer science, Computer Engineering, a related field or equivalent demonstrated experience and knowledge.
• Minimum 10+ years of experience in software development or related fields.
• Minimum 3 years technical experience working with cyber security design/development for embedded systems.
• Experience working with each of the following:
• Experience with C/C++, Linux and/or security design within real-time operating systems.
• Experience analyzing, interpreting, and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests.
• Embedded data at rest security implementations including Code Signing, Secure boot, and flash encryption implementations.
• Embedded/IoT wired and wireless secure networking implementations within multiple layers of the OSI stack.
• IoT/Embedded PKI solutions and implementation.
• Experience in the realm of cyber security development for embedded and digital products.
• Experienced security developer able to interpret and guide software development teams on secure coding practices and application security test report interpretation for various coding languages and operating environments.
• Solid understanding of secure software development lifecycle and practices including SAFe/ Agile methodologies for software development.
• Understanding security by design principles and architecture level security concepts.
• Proficient knowledge and practical application of security technologies/techniques like Cryptographic Algorithms/Cipher Suites, Public key Infrastructure (PKI), Hardware/embedded authentication protocols, Secure Boot, and data-at-rest encryption methods.
• Experience implementing OWASP Top10 application security guidelines.
• Knowledge of embedded system architecture and security controls (e.g., firewall and border router configurations, wireless communication architectures, messaging authentication protocols.
• Experienced in generating, defining, and reviewing penetration test results through knowledge standard methodologies and tools including environmental configuration definition, security analysis, threat modeling, and system security audits.
• Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
• Exposure to international privacy requirements & cross-industry trends.

Personal Characteristics

• Excellent communication, interpersonal and leadership skills.
• Firm decision maker and shall possess good influencing skills.
• Openness to collaborate in interest of project/organization.
• Proactive and dedicated possessions due sense of urgency.
• Shall have approach towards systems and strong problem-solving skills.
• Working with multi-site teams, Quality conscious and Process & customer Oriented.
• Mentoring skills.

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.