Product Security Governance Engineer

Summary of the Position

Alcon is looking to hire Product Security Governance Engineer.

JOB PURPOSE

• Support Product Security and Threat Intelligence solutions.

• Provide support for performing penetration tests, SAST/DAST/SCA and preparing reports for findings for Alcon Products (SaMD-Software As a Medical Device, SiMD-Software In a Medical Device and Digital Applications).

• Communicate prioritization of vulnerabilities for remediation to stakeholders.

• Build competencies with gap analysis, process changes, and integration of automated tools across the product lifecycle.

• Review and recommend remediations from security software tooling analysis.

• Well-versed in the product security landscape.

• Work closely with the Bangalore and Lake Forest Product Security functions, Software Development, Verification and Validation, Quality, Regulatory and Digital Health Software teams to coordinate oversight of security framework.

• Help in building and developing automation with automated scripts and tools as applicable.

• Help in leading efforts to close the security related gaps in Alcon’s product security framework.

• Build strong collaboration with cross-functional stakeholders and teams across the product development lifecycle.

• Communicate stakeholders concerning discovered vulnerabilities and remediation suggestions.

• Contribute to analyzing product security risks, assessing security gaps, and recommending possible solutions.

• Provides accurate documentation of existing metrics and KPIs, and security process.

• Collaborating with the Product Security Incident Response Team to support incident response activities and address identified incidents as needed.

• Works closely with the Product Security team to support product security activities and associated deliverables

JOB FUNCTIONS

Essential Functions

Duties are listed in order of greatest importance.  Other responsibilities may be assigned. 

You will be responsible for maintaining robust product security measures across all stages of our product development and post launch process. Supporting Alcon Product Security Process by performing product security activities for all Alcon products. Perform/support Post Market Monitoring risk analysis of in-market products; document and score findings, communicate results to development teams. Support yearly penetration tests, SAST/DAST/SCA as needed and directed, create or reviewing final reports. You will collaborate with cross-functional teams to integrate security best practices and ensure the protection of our products against potential threats. Implement and enforce security best practices throughout the entire software development lifecycle (SDLC) Stay updated on the latest security trends, regulatory standards, vulnerabilities, and mitigation strategies. Summarize product risks for stakeholder reports. Interact with outside vendors, write/modify/convey host module requirements, and be able to identify and hold outside vendors accountable for their deliverables. Review security updates for possible negative affects against in-market products and monitor media for new vulnerabilities. As needed write and/or review patching and update communications to customers and disseminate. Support preparation software for SAST, DAST, Vulnerability scans, fuzzing scans; review and document results, provide recommendations for remediations.

QUALIFICATIONS

Minimum Requirement

BS of Computer engineering or Information Security or other related discipline with 6 years’ experience; or 8 years of relevant experience. Solid understanding of Software Development Lifecycle Management (SDLC) – (Agile/Scrum, iterative) Proven experience in a Product Security field or in a similar role. Familiar with the following types of tools: SAST, DAST, SBOM, network forensics tools, fuzzing, standard penetration test tools and GRC tool are a plus. Knowledge of cybersecurity concepts, networking and software development process is plus. Ability to coordinate and balance activities between multiple associates Ability to work independently, proactively identify issues, recommend, and implement solutions, and deliver quality results on schedule while managing multiple tasks and internal customers. Ability to follow directions, identify issues, recommend and deliver quality results on schedule. Good interpersonal & Communication skills to build positive departmental and inter-departmental relationships in a virtual, remote and asynchronous environment. Prior experience on medical device software and data integrity. Understanding of FDA/ISO regulations related to medical device software. Strong understanding of secure coding principles, encryption, and authentication protocols

Excellent communication and collaboration skills. Good interpersonal & Communication skills to build positive departmental and inter-departmental relationships in a virtual, remote, and asynchronous environment. Understanding of Window OS services, processes, driver and registry configurations and analysis techniques is a plus Fluent English; excellent verbal and written communication skills

Knowledge, Skills and Abilities

Personal Effectiveness Competencies:

• Project Excellence - Fundamental

• Continuous Learning - Intermediate

• Digital and Technology Savvy - Intermediate

• Operational Excellence - Intermediate

• Breakthrough Analysis - Intermediate

• Organizational Savvy - Intermediate

Skills and Knowledge:

• STEAM – Applied Science, Technology, Engineering, Arts and Math

• Technical Development Methodology for Medical Devices (21 CFR 820.30, ISO 13485)

• Systems Engineering or Risk Management for Medical Device (ISO 14971)

• Medical Device Software – Software Life Cycle Processes (IEC 62304)

• Regulations and Guidelines associated with software development.

• Excellent verbal English communication skill (in a remote environment)

• Microsoft Office suite (i.e., Word, Excel, Visio)

Experiences

• Cross Functional collaboration - Primary

• New Product Innovation - Secondary

• Accountability - Primary

• Influencing without Authority - Primary

• Managing Crisis – Secondary

• Functional Breadth - Secondary

Employment scams: Alcon is aware of employment scams which make false use of our company name or leader’s names to defraud job seekers. Alcon does not offer any positions without interview and never asks candidates for money. All our current job openings are displayed here on the Careers section of our website, where you can search for open positions and apply directly.
If you have encountered a job posting or been approached with a job offer that you suspect may be fraudulent, we strongly recommend you do not respond, send money or personal information, and check our website for current job openings.

ATTENTION: Current Alcon Employee/Contingent Worker

If you are currently an active employee/contingent worker at Alcon, please click the appropriate link below to apply on the Internal Career site.

Find Jobs for Employees

Find Jobs for Contingent Worker

Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital status, disability, or any other reason.