Insulet
2 days ago
Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.
We are looking for highly motivated, performance driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!
Job Title: Sr Staff Cloud Security Engineer / Senior Staff, Product Security Analyst
Company Overview:
Insulet started in 2000 driven to achieve our mission of enabling our customers to enjoy simplicity, freedom and healthier lives using our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients who have insulin-requiring diabetes, by using innovative technology that is wearable, waterproof, and lifestyle accommodating. We are on an exciting trajectory of significant growth and global expansion enabling us to reach more patients around the globe.
We are looking for highly motivated, performance driven individuals who want to be part of building our Center of Excellence and be at the forefront of our rapidly growing global footprint. We are looking to hire amazing people who are guided by shared values and desire to exceed customer expectations. Our continued success depends on it.
Position Overview:
As the Cloud Security Engineer, you will have the opportunity to assist in securing Insulet’s cloud environment and the cloud-deployed/interfacing Insulet Products, identify cloud security risks, provide automations for detecting and preventing these risks, and enable implementation of these products in coordination with a cross-functional team, conduct security assessments of the existing products. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.
Responsibilities:
- Identify secure requirements for different commercial cloud environments.
- Understand security best-practices and architectural patterns for cloud-deployed products.
- Drive detection, prevention and remediation of cloud-based security findings
- Understand and create threat models, manage vulnerabilities, prioritize risks by considering multiple aggregated views for security risks emanating from data, infrastructure, exploitable vulnerabilities in aggregation.
- Conduct risk assessments for all embedded products and integrations to deliver risk-based approach in securing cloud-based medical devices.
- Apply security guidance that aligns with the medical device security standards (such as AAMI TIR 57) and FDA’s pre-market and post-market cybersecurity guidance.
- Research emerging technologies and assess their applicability to the products.
- Develop tools and frameworks that make it easy for teams to adopt security.
- Contribute to Security Policy, Standards, and Guidelines related to Medical Device Security.
- Contribute to cybersecurity deliverables for regulatory submissions.
- Collaborate with a cross-functional cyber, product and engineering teams, and support incident management.
Qualifications:
- Bachelor’s degree in electrical engineering or computer science, or equivalent practical experience
- 8-10 years in cybersecurity with a desired focus on cloud security engineering and security architecture especially with embedded software.
- Proficient in programming with C, C++, Java, .NET or other languages and the SDLC process.
- Experience in detecting, preventing and remediating security findings in AWS and Azure cloud environments.
- Experience with performing Security Testing and understanding of the application security concepts.
- Understanding of various types of Exploits, Threat Modeling, and Attack surfaces.
- Excellent communication, organizational skills, and experience in translating business goals into technical security deliverables.
- Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and law enforcement throughout the incident lifecycle.
- Experience with Cloud tools such as Rapid 7 and Wiz – Preferred.
- Experience with vulnerability assessment and penetration testing – Preferred.
Required Leadership/Interpersonal Skills & Behaviors:
- Effectively communicate complex information, concepts, and ideas in a clear and organized manner through verbal, written, and visual mechanisms.
- Strong collaboration skills and an ability to work with cross-functional teams across the security and privacy organization and broader Corporate Technology organization.
- Ability to work with virtual and global teams in a fast-paced environment.
- Experience balancing security needs with broader business objectives.
NOTE: This position is eligible for 100% remote working arrangements (may work from home/virtually 100%; may also work hybrid on-site/virtual as desired). ## LI-Remote
Additional Information:
The US base salary range for this full-time position is $132,990.00 - $199,815.00. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in the primary work location in the US. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your Talent Acquisition Specialist can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits.At Insulet Corporation all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.