Product Security Engineer II LinkedIn Twitter Email Message Share Why Join Bracco Medical Technologies? At Bracco Medical Technologies, every employee has an impact on our Mission to empower lifesaving decisions. We create medical devices that give healthcare providers the insights they need to confidently and safely diagnose patients. Our unique line of products includes Intravascular Ultrasound (IVUS), Fractional Flow Reserve (FFR), Cardiovascular Imaging contrast delivery (CVi), and CT and MRI contrast delivery systems. Position Description Position Summary: As a member of Bracco Medical Technologies (BMT)'s Product Security Team, this role is responsible for driving the maturity of BMT's vulnerability management and incident response program. This role provides the opportunity to work cross functionally with a variety of stakeholders, including product development teams, service, and sales, and contribute to product security team deliverables and activities both at the post market and premarket stage such as threat modeling, security testing and security risk management. Primary Duties & Responsibilities: Engage in security research and develop tooling to enhance the post market product security capability to detect and risk assess security vulnerabilities. Generate and manage Software Bill of Materials (SBOM) across multiple platforms Detect and triage root cause and risk assess vulnerabilities found in SBOMs communicating across multiple functions in order to drive remediations on vulnerabilities detected. Architect solutions to remediate post market security vulnerabilities and engage cross functional stakeholders for remediation planning. Be part of PSIRT team, lead CVD and incident response on BMT products. Supports the integration of incident response and vulnerability management process into the Quality Management System. Develop training for cross functional stakeholders engaged in the Incident Response and Vulnerability Management Process and conduct tabletop exercises. Partner with the product and software engineering teams in premarket security activities to assist with design reviews, threat modeling, penetration testing, code reviews, security issues remediation, and other security related activities. Support software developers, system engineers and hardware/firmware engineers across business units on their premarket security practices and provide guidance regarding mitigations to emerging threats and remediation planning. *Other duties and responsibilities as required to support the changing security needs of the organization. Qualifications (Knowledge, Skills & Abilities): Qualifications (Knowledge, Skills & Abilities): Minimum Bachelor of Science in Computer Engineering, Computer Science, Software Engineering, Electrical Engineering, Computer Systems Engineering, or a related discipline. 3 years' experience in systems security administration control and/or software engineering experience or other related experience 2 years' experience in vulnerability management and incident response, product security architecture, security testing, security consultancy, or equivalent. Have knowledge of industry standards and frameworks such as OWASP, NIST, SANS, MITRE ATT&CK, UL 2900 etc Have experience in SBOM scanning and automation Demonstrated problem-solving ability Strong collaboration skills with the ability to work cross functionally. Ability to communicate effectively with a variety of stakeholders Strong interpersonal and communication skills Strong technical writing and presentation skills Preferred * Embedded system, firmware and IoT security * Vulnerability management on products * Development experience in C#, C++ or Java * Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) or Offensive Security Web Expert (OSWE) certification * Cloud security experience Other * Travel up to 10% domestic and international Job Location 7905 Fuller Road, Eden Prairie, Minnesota Tracki g Code 1348-432 ACIST Medical is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.