This is where you save and sustain lives

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You'll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.

Baxter's products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.

Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.

Join us at the intersection of saving and sustaining lives—where your purpose accelerates our mission.

Job Responsibilities

In this role you will be responsible for designing, building, testing and implementing systems with the primary goal of security/patient safety across Baxter’s software as a medical device product portfolio in various operating environments. Prevention of breach of Intellectual Property (IP), Attack surface minimization, preventive security and privacy controls, incident/vulnerability management are some of the focal areas for this position.

This role requires a strategic understanding of the business, customer/ patient needs, product technology and the purpose & values of Baxter to successfully deliver on the group priorities. A hands-on experience and interest in latest security standards, protocols, products and systems is mandatory for the success of this role.

Essential Responsibilities

• Support software development teams in building a security by design mindset by supporting implementation and code inline with the Application Security Program mandates.
• Implement solutions that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures.
• Implement designs in accordance with secure software design guidelines to achieve desired security requirements and controls with the support of development leads, security architects and product owner(s).
• Implement features in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary.
• Review, Analyze and mitigate SAST, DAST, SCA and penetration test findings in collaboration with the developers for various non-medical and software as medical devices (SaMD) product lifecycles
• Support development of SBOM across multiple product lines
• Implement enhancements to software security controls across cloud-based medical products.
• Participate in post-market product analysis to support vulnerability investigations as required as well as be engaged in continuous security monitoring

Desired Technical skills / experience:

• Security developer able to support software development teams on secure coding practices and application security test report generation and interpretation for various coding languages and environments.
• Experience with secure software development lifecycle and practices including SAFe/ Agile methodologies for software development
• Understanding of security by design principles and architecture level security concepts, experienced with threat modeling and assessments
• Experience in implementing security technologies/techniques in cloud-based systems like Cryptographic Algorithms/Cipher Suites, Public key Infrastructure (PKI)), network security protocols, OAuth, 2-factor authentication, and data at rest encryption standards
• Experience implementing OWASP Top10 application security guidelines
• Experience with cloud-based design and security controls (e.g. network security, instance hardening, identify and access control, configuration best practices)
• Experience with penetration testing methodologies and tools including environmental configuration, security analysis, audits and reviews
• Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
• Aware of international privacy requirements & cross industry trends.
• Desired: Exposure to Healthcare IT or medical device industry
• Desired: Experience integrating security tools into CI/CD pipelines
• Desired: Experience with AWS security controls

Qualifications and Skills

• Bachelor's degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
• Minimum 4+ years of experience in software development or related fields.
• A minimum 2 years technical experience implementing cybersecurity requirements in cloud/hosted server environment
• A minimum 2 years working with each of the following:
  • Software development experience using web/application software technologies such as C/C++, Java, .Net, python, etc.
  • Experience analyzing, interpreting and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests.
  • AWS security, secure networking, and network hardening strategies
  • Experience implementing Conditional Access & MFA solutions
  • Privileged access management
• Professional Cyber security certifications: CISSP/OSCP/SSCP are a plus

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please send an e-mail to [email protected] and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.