Senior Staff Product Security Engineer

What if the work you did every day could impact the lives of people you know? Or all of humanity?At Illumina, we are expanding access to genomic technology to realize health equity for billions of people around the world. Our efforts enable life-changing discoveries that are transforming human health through the early detection and diagnosis of diseases and new treatment options for patients.Working at Illumina means being part of something bigger than yourself. Every person, in every role, has the opportunity to make a difference. Surrounded by extraordinary people, inspiring leaders, and world changing projects, you will do more and become more than you ever thought possible.Reporting to the Director, Information Security Product (DISP), the Senior Staff Product Security Engineer, is a critical role at Illumina in ensuring the manufacturing of our physical medical devices and products are secure. This position requires experience, knowledge, technical and leadership skills in the areas of software, embedded systems, medical devices and manufacturing security.  The individual will be responsible for leading change and implement the pre-market security initiatives of solutions including Illumina medical instruments and connected software before they are released to customers.Position Summary:The Product Security Team is looking for a talented Senior Staff Security Product Engineer to help us strengthen our world-class business. As a valued team member and technical lead, you will define, identify, evaluate, and maintain controls, providing visibility into the health, and security of our products.    You will be collaborating closely with engineering, development, and technology groups to define and maintain medical device security and extend  modern technologies through manufacturing. The Senior Staff Security Engineer will be responsible for testing and validating components of the genomic sequencing products, software and interconnected solutions that take product security to the next level.  You are highly motivated to integrate security capabilities into continuous release planning and execution for all Illumina products. Strong leadership, strategic planning and skills to balance of multiple concurrent business needs are needed to succeed in this position.  This is a high-profile role with high potential for leadership growth for the right candidate.Responsibilities:Perform security testing of physical medical devices and interconnected cloud services.  Lead analysis with Development.Lead threat modeling exercises with development teams and provide expertise in risk remediation.Write security testing reports summarizing results for manufacturing process systems and software validation projects.Develop and communicate expectations for continuous vulnerability management: identification, triage, analysis, and remediation recommendations.Evaluate existing controls to identify gaps and areas for improvementConsult with Engineering and Development Teams on complex security problems.Performing independent security research on genomic sequencing devices.Drive security by turning findings into actions and deliverables.Understand attack methods and vectors then translate those into test cases that may exploit software weakness or logic flaws and provide direction to development to resolve the issuesDocument regulatory requirements for submission of products in development.Requirements:Minimum 5+ years of application and product security experience with track record of delivering processes and solutions based on industry standard security concepts and best practice frameworks. Experience with medical device security testing.Work collaboratively with other engineers to automate software test cases within a maintainable test automation environmentWork with software developers, scientists, and domain experts in understanding requirements of the software and translating to test cases and automated test scriptsUnderstanding of OWASP Top 10 Web Application Vulnerabilities.Proficient with Linux shell, PowerShell, Perl and/or PythonCoding experience with one or more of the following: .Net, Java, Perl, JavaScriptExperience with software security tools like nMap, Wireshark, Kali Linux, OpenVASEffective communicator delivering key messages to team stakeholders, and business partners using informative clear verbal and written communicationsDeep experience with a product development in an ISO 13485 environmentExtensive knowledge of best practices for medical device security across the lifecycle: TIR57, TIR97, CVSS, MITRE Rubric,Subject matter expertise in application of cybersecurity risk controls: ISO 14971Education:Bachelor’s degree in computer science, engineering, or similar and relevant work experienceProfessional qualifications are preferred such as, or equivalent: Example: CISSP, CISM, CSSLP, or OSCP.Illumina believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information.