Sr Spec, Product Security Penetration Tester

This is where you save and sustain lives

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You'll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.

Baxter's products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.

Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.

Join us at the intersection of saving and sustaining lives—where your purpose accelerates our mission.

About Baxter
Baxter provides a broad portfolio of essential renal and hospital products, including home, acute and in-centre dialysis; sterile IV solutions; infusion systems and devices; parenteral nutrition; surgery products and anesthetics; and pharmacy automation, software, and services. The company’s global footprint and the critical nature of its products and services play a key role in expanding access to healthcare in emerging and developed countries. Baxter’s employees worldwide are building upon the company’s rich heritage of medical breakthroughs to advance the next generation of healthcare innovations that enable patient care 
Job Summary 
    Job Title – Product Security Penetration Testing Lead
    Location – Whitefield, Bangalore
Job Responsibilities 
In this role you will be responsible for leading penetration testing and all activities involved for the Central Product Security and Privacy Organization. As part of this role, you will be responsible for executing penetration testing and involved activities both manually and with tools, including but not limited to Burp Suite and Metasploit. An understanding of embedded systems and how penetration testing is executed for them as well as their connected applications is a requirement. You will be collaborating with all resources working in the lab (tools support, lab support) as well as product teams on a daily basis.  
This role requires a strategic understanding of the business, customer/ patient needs, product technology and the purpose & values of Baxter to successfully deliver on the group priorities. A deep understanding of the latest security standards, systems, protocols and security products is needed.
Essential Responsibilities
•    Execute penetration testing for connected enterprise products, embedded products, and applications 
•    Proactively work with product teams to ensure the harmonized penetration testing and guidelines are being followed for all products 
•    Reporting of KPIs at an enterprise, GBU, and product level for penetration testing results
•    Collaboration with Tools lead and Lab lead
•    Installing and configuring penetration tools when necessary
•    Proactively create, share, and read reports as part of the penetration testing activities 
•    Proactively identify new penetration tooling methods

Desired Technical skills / experience:

•    WEB, mobile and/or embedded IoT application penetration testing experience
•    Network penetration testing experience
•    Understand and safely use various open-source penetration testing tools to emulate hacker tactics, techniques, and procedures
•    Binary analysis tools and debuggers (dnSpy, IDA Pro, Ghidra, Ildasm, ILSpy)
•    Sound understanding of security technologies/techniques like Cryptography, Algorithms, Public key Infrastructure (PKI) Certificate Authority (CA), Hardware/embedded authentication, OAuth, 2-factor authentication
•    Strong knowledge of secure software development lifecycle and practices
•    Strong knowledge of secure software development lifecycle and practices
•    Experience with penetration testing methodologies and tools including security analysis, audits and reviews
•    Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Exposure to international privacy requirements & cross industry trends.
•    Desired: Exposure to Healthcare IT or medical device industry

Qualifications and Skills 
•    Bachelor's degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
•    Minimum of one penetration testing (GPEN, CEH, GWAPT,...) certification required
•    A minimum 2 years working with each of the following:
o    AWS security
o    Conditional Access & MFA
o    Privileged access management
•    Excellent English verbal and written communication skills
•    Demonstrated skill working as part of a team, collaborating and supporting peers in a fast-paced environment
•    Project management experience for full security system lifecycle and security tool upgrades, including business case development
•    Self-motivated to own and solve difficult challenges and ability to motivate others to higher levels of performance and engagement
•    Strong desire and aptitude for continuous learning and keeping abreast of new and emerging technology

EEO (Equal Employment Opportunity)
Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please send an e-mail to [email protected] and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.