Foundation Medicine, Inc.
About the Job
The Security Engineer aids in the growth and continuous improvement of FMI’s security program. The incumbent implements and maintains a variety of security tools and software and performs technical security analysis of IT solutions. This person is responsible for supporting the design, implementation, and maintenance of secure software applications and systems. They work to identify, assess, and mitigate security vulnerabilities throughout the software development lifecycle.
Key Responsibilities
- Partner with appropriate Technology teams to ensure new IT systems are designed, configured, and implemented in a secure manner.
- Document security configurations, procedures, changes, use and test cases.
- Assist Technology teams with IT asset security by supporting threat modeling exercises, documenting security risks, as well as updating and enforcing secure baseline configurations for various system types, including—but not limited to—custom software applications, laptops, servers, and cloud-based instances.
- Document approved baseline configurations.
- Work with Technology teams to ensure implementation of procedures for vulnerability management of FMI technology systems.
- Assist Technology teams with technology projects to ensure secure configuration, implementation, and monitoring of systems within FMI’s software and systems environment.
- Implement, maintain, and support in-house security tools to support zero-trust and defense in depth security architectures.
- Evaluate new and existing custom software systems for vulnerabilities and provide suggestions for countermeasures to protect against potential threats.
- Test and verify software security, including penetration testing, static and dynamic analysis, and fuzzing, to identify and recommend solutions to security flaws.
- Work closely with software developers, architects, and other stakeholders to ensure security is integrated into all aspects of the software development lifecycle.
- Educate developers and other stakeholders about security best practices and potential risks.
- Assist in tracking risks and driving remediation of risks.
- Other duties as assigned.
Qualifications:
Basic Qualifications:
- Bachelor’s degree in computer science, computer engineering, information security, or other closely related discipline
- 5+ years of experience in software development and technology, a portion of which included support for security-related technology projects
Preferred Qualifications:
- Advanced Degree in information security, information systems, or related field
- Hands-on experience implementing technical security elements, including:
- Development experience with source control tools (GitHub, GitLab, SVN, Perforce, etc.) and CI/CD frameworks (Jenkins, Azure DevOps, GitHub Actions, GitLab Runners, etc.)
- Experience designing cybersecurity coding curriculum for software developers, with frameworks such as Secure Code Warrior
- Ethical hacking skills using tools such as Burp Suite, Postman, and Nmap to perform standardized and routine application testing
- Familiarity with code analysis and tools such as Snyk, Fortify, SonarQube, JFrog Xray, as well as ability to recognize security hotspots and secure software best practices
- Security certifications, such as CISSP, CISA, GSEC, and equivalent
- Knowledge of current and emerging security and information technology standards and practices, including AI and LLM
- Knowledge of cloud-based Single Sign-On (SSO) technologies and related standards such as OAuth 2.0 and SAML
- Familiarity with security compliance directives, including: OWASP, NIST, IEC 62304, ISO 27001, SSAE SOC 2, CIS, etc.
- Exposure to cybersecurity principles applicable to medical device software, such as SaMD or SiMD
- Demonstrated ability to meet deliverables, timetables, and deadlines
- Agreement to maintain confidentiality as it pertains to sensitive company, employee, and proprietary data and information
- Personal integrity and behavior consistent with FMI’s ethical standards to inspire confidence in customers, peers, partners, and employees
- Demonstrated ability to work effectively with internal and external stakeholders
- Understanding of HIPAA, GDPR, and other international regulations regarding patient data, privacy, and safety.
- Commitment to reflect FMI’s values: Passion, Patients, Innovation, and Collaboration.
The expected salary range for this position based on the primary location of Remote is $121,000 - $163,000 per year. The salary range is commensurate with FMI’s compensation practice and considers factors including, but not limited to, education, training, experience, external market conditions, criticality of role, and internal equity. A discretionary annual bonus may be available based on individual and Company performance. This position also qualifies for FMI benefits.
Foundation Medicine, Inc. (FMI) began with an idea—to simplify the complex nature of cancer genomics, bringing cutting-edge science and technology to everyday cancer care. Our approach generates insights that help doctors match patients to more treatment options and helps accelerate the development of new therapies. Foundation Medicine is the culmination of talented people coming together to realize an important vision, and the work we do every day impacts real lives.
Confidence, or the belief that we need to check every box before applying for a job, can sometimes hold us back from going after a role that inspires us. At Foundation Medicine there's no such thing as the 'perfect' applicant, and our company is a place where every employee can make an impact and continue to grow whatever background they may have or path they may have taken. So, as long as you meet the basic qualifications for a role, please apply if you see a position that would make you excited to come into Foundation Medicine every day and help us transform cancer care.

Equal employment opportunity, including veterans and individuals with disabilities.