Application Security Architect

Location: Remote, MA

Resuscitation

ZOLL Medical is a growing, innovation-driven company on the forefront of delivering medical devices to save lives, and software solutions to improve efficiency. With customers in more than 140 countries, we continue to expand our reach, as well as our product offerings. Hospitals, emergency medical services (EMS), and others trust us to provide high-quality products and exceptional customer service. ZOLL products are used every day across the globe to save the lives of people who suffer sudden cardiac arrest. From Real CPR Help® technology—an industry first—to the world’s only wearable defibrillator, our capabilities and features set us apart. But none of this would be possible without the motivation and dedication of ZOLL employees, and we’re invested in their success.

We offer competitive salaries and a comprehensive benefits package. Join our team. It’s a great time to be a part of ZOLL!

Description

The ZOLL Product Security Team is hiring an Application Security Architect to operationalize a robust cybersecurity program focusing on the cloud application side of the IoT conversation. This role will report to the Product Security Lead and provide support for all areas of product cybersecurity including secure by design strategies, risk management, testing, training, and product incident response.

  • Implement and improve a strong product cybersecurity program

  • Advise product development teams regarding security principles, secure architecture, the implementation of cybersecurity controls, the design and coding of security-related features, and the secure delivery and deployment of applications.

  • Threat modeling

  • Hands-on application security assessments, including use of static, dynamic and interactive tools

  • Use commercial and open source tools, and integrate them into the CI/CD pipeline, to achieve security goals

  • Perform vulnerability triage to prioritize issues, eliminate false positives, articulate issues to developers and provide the best practices and governance for remediation

  • Assist with security testing of products, including internal penetration testing and working with third-party security assessment and pen testing companies.

  • Key contributor to PSIRTs

  • Collaborate with and train developers and infrastructure teams to remediate vulnerabilities and develop best practices

  • Respond to product security questionnaires

  • Identify new and emerging security tools and practices for implementation

  • Participate in ISAOs (Information Sharing and Analysis Organizations) and H-ISAC

  • To fulfill this role, a regular cadence of study in cybersecurity and attendance at conferences is required

Required/Preferred Education and Experience:

  • BS degree or equivalent in Computer Science, Computer Engineering or related discipline

  • 5-10+ years of professional development experience with 5 years of application security experience

  • Experience developing cloud hosted applications and programming environments such as .NET, Java, Azure and AWS.

  • Knowledge of AWS native security and infrastructure tools.

  • In-depth knowledge of application security concepts, best practices and methods such as the OWASP Top 10.

  • Experience with SAST, DAST, IAST, SCA, fuzzing and threat modeling tools.

  • DevSecOps mindset and experience integrating security tools into CI/CD.

  • Demonstrated performance as a trusted security leader including application of industry specific cybersecurity frameworks

  • Experience in applying OWASP SAMM or another security-focused software development framework

  • Experience using and training others in use of the Common Vulnerability Scoring System (CVSS)

  • Communication, presentation and analytical skills along with the ability to thrive in a dynamic environment and handle multiple priorities.

  • Experience working with nontraditional technical personalities and third-party security researchers (hackers)

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities will be reviewed periodically as duties and responsibilities change with business necessity.  Essential and marginal job functions are subject to modification.

ZOLL Medical Corporation appreciates and values diversity.  We are an Equal Opportunity Employer M/F/D/V. 

ADA: The employer will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.