Current Statistics
1,600,728 Total Jobs 291,582 Jobs Today 17,907 Cities 222,694 Job Seekers 146,724 Resumes |
|
|
|
|
|
|
Staff Product Security Engineer - New York New York
Company: Butterfly Network Location: New York, New York
Posted On: 04/28/2024
Company Description Butterfly Network's vision is to enable a world in which all people, everywhere, get the right care, driven by the right clinical decisions at the right time. We reinvented ultrasound technology by creating the world's first handheld, single-probe whole-body ultrasound system: the Butterfly iQ. This innovative technology reduces the cost of the traditional ultrasound system by miniaturizing it onto a single semiconductor silicon chip. - Butterfly harnesses the advantages of AI and cloud computing to deliver advanced imaging that is easy-to-use and built for the digital era. The Butterfly iQ and next-generation Butterfly iQ+ have received CE Mark and FDA clearance, and are being sold in hospitals and clinics around the globe. Joining Butterfly Network is the opportunity to redesign the future of healthcare through the power of technology. Embark on a journey with us to maximize global impact, motivated by the idea that our products will change the lives of millions along with the people you love. Job Description Butterfly's Product Security team works on a secure-by-design principle and is responsible for the security of our product and cloud environments. In this role, you will have the opportunity to work with cross-functional teams as a security subject matter expert (SME). You will work on proactively identifying security risks within our environment, mitigating them through the design, implementation, and improvement of security controls. - As we scale our business internationally and engage with larger enterprises, security has never been more important to our company and to the patients we help every day. As part of our team, your core responsibilities will be: - - Drive adoption of security best practices as part of the product development lifecycle.
- Work with internal teams, vendors, and partners to identify, architect, and advance security at Butterfly.
- Develop technical solutions to help mitigate security risks and vulnerabilities.
- Perform technical security assessments, threat modeling, code audits, and design reviews with engineers to help ensure effective and secure development practices.
- Assist in the implementation of security-related product features like authentication, cryptography, etc.
- Review vulnerability and penetration testing, present assessment reports to clearly detail security findings and work with developers to remediate the issues identified.
- Participate actively in product design meetings providing insight and direction related to application security risks.
- Monitor security compliance to information security policies and standards.
- Assist in the implementation and operation of DAST/SAST/SCA/WAF solutions.
Qualifications Baseline skills/experiences/attributes: - BS degree in related field or equivalent experience. An MS degree in a related field or equivalent experience is a plus.
- Minimum 10+ years of experience in core security domains such as Application Security, Cloud and Network Security, - Vulnerability Management, etc.
- Strong understanding of secure engineering concepts such as secure coding practices and secure code reviews, threat modeling, and the ability to identify, mitigate and prevent threat vectors.
- Development experience and excellent understanding in mitigating OWASP Top 10 attacks on applications, cryptography and key management, PKI, TLS/SSL, DDoS mitigation, authentication, authorization & application security.
- Application penetration testing experience.
- Continuous Monitoring (Con-Mon) Analysis and Reporting of performance KPIs and KRIs
- Familiar with serverless computing such as AWS Lambda and container implementations with EKS, Kubernetes, etc.
- Experience leading design and security reviews of cloud-based systems.
- Ability to work closely with hardware, software, and cloud engineers.
Ideally, you also have these skills/experiences/attributes (but it's ok if you don't!): - CISSP, OSCP, GIAC, and/or AWS Certified Security Specialty.
- Hands-on knowledge of global regulatory and privacy requirements as they relate to NIST framework, GDPR, HITRUST, SOC2, and ISO27001.
Location At Butterfly we offer a hybrid work environment. For most employees, this means part time in the office (two or more days a week). Based on functional responsibilities and equipment needs, certain roles will - require full time on-site support, and select roles will be eligible to be remote. - Our preference is to have this role be Hybrid and based out of our NYC office. However, this role is also eligible to be Remote. - (Please note for all roles not based in our NYC office, we are only able to employ in the following states: AL, AZ, CA, CO, CT, DE, FL, GA, IL, IN, KS, KY, MA, MD, ME, MI, MN, MO, MT, NC, NE, NH, NJ, NM, NY, OH, OK, PA, SC, TN, TX, UT, VA, VT, WA,WI or WY. Please only apply if you are based in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.) Benefits and Perks |
|
|
|
|
|
|