Product Security Engineer (Hybrid, Loveland, CO)

We understand that the world we want tomorrow starts with how we do business today, and that’s why we’re inspired to make A Better World for Pets. Antech is comprised of a diverse team of individuals who are committed to each other’s growth and development. Our culture is centered on our guiding philosophy, The Five Principles: Quality, Responsibility, Mutuality, Efficiency and Freedom. Today Antech is driving the future of pet health as part of Mars Science & Diagnostics, a family-owned company focused on veterinary care.

Current Associates will need to apply through the internal career site. Please log into Workday and click on Menu or View All Apps, select the Jobs Hub app, then click the magnifying glass to Browse Jobs.

This is a Hybrid role based out of our office in Loveland, CO. The Target Pay Range for this position is $98,000 - $122,000 annually. At Antech, pay decisions are determined using factors such as relevant job-related skills, experience, education, training and budget.

Job Summary:

The Product Security Engineer will be responsible for defining, implementing and enforcing secure coding practices to ensure that software security is embedded early-on (shifting left) throughout product development lifecycle. To achieve this, the candidate will be collaborating with the Software Engineering Development Teams and the Cybersecurity team in leading and enhancing the design and implementation of information security requirements, including secure coding standards, language-specific secure coding guidelines, as well as secure SDLC methodologies.  This role requires strong expertise in secure coding standards, vulnerability management, and collaboration with development teams to build secure applications.

Key Responsibilities:

• Develop, maintain and implement secure coding standards based on industry best practices such as NIST 800-53, OWASP, CWE, CERT, ISO, among other.

• Develop, implement and maintain coding standards based on Language-specific Secure Coding Guidelines including C#, .NET, PowerShell, TypeScript, SEI CERT Coding Standards, Microsoft Secure Coding Guidelines, Mobile OS-based languages, as well as Azure-related security best-practices for Azure DevOps, Azure Security Center, Key Vault, Azure Policy, Azure AD and role-based access controls.

• Develop, maintain and implement secure coding standards based on Secure SDLC Frameworks and Methodologies such as Microsoft Security Development Lifecycle SDL, OWASP Software Assurance Maturity Model (SAMM), as well as other frameworks for measuring software security initiatives.

• Responsible for ensuring end-to-end security framework for design, development, testing, deployment and maintenance throughout the product lifecycle management.

• Integrate security principles into the Software Development Lifecycle, ensuring compliance with security and privacy  policies, standards and guidelines.

• Conduct secure code reviews for manual, automated, static, dynamic and software composition analysis to identify vulnerabilities.

• Work closely with software developers, DevOps & DevSecOps, and security teams to remediate vulnerabilities and enhance secure coding practices.

• Provide training and guidance to developers on secure coding techniques and threat mitigation strategies for threat modeling.

• Establish automated security testing within CI/CD pipelines.

• Stay up to date on emerging security threats, vulnerabilities and mitigation techniques.

Product Security Validation

• Organize and support the product security review process

• Ensure on-time delivery and required level of quality in all aspects of the validation process.

• Provide Standardized product security documentation.

• Collaborate with other stakeholders and core teams to ensure effective, efficient and secure design implementation.

• Provide assurance in adhering to established policies, standards, procedures and guidelines.

• Develop and ensure software engineering procedures are aligned with product security requirements.

• Lead risk assessments and threat modeling exercises for applications and solutions to provide vulnerability remediation guidance to product development engineering teams globally.

• Ensuring architecture is in accordance with industry accepted standards for veterinary and health devices security including encryption, disaster recovery, authentication, audit logging, hardening measures, patch management and vulnerability monitoring.  

Qualifications & Experience:

Education, Experience & skills:

• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, Engineering or related field.

• 5+ years of experience in secure software development, application security or DevSecOps.

• Hand-on experience static, dynamic and Software Composition Analysis (SAST/DAST/SCA) tools.

• Strong knowledge of secure coding standards (e.g. OWASP, CERT, CWE, SANS Top 25, etc.)

• Proficiency in programming languages and related tools such as C#, .NET, PowerShell, TypeScript, as well as Azure-related security best-practices for Azure DevOps, Azure Security Center, Key Vault, Azure Policy, Azure AD and role-based access controls.

• Experience with security testing tools like SonarQube, Checkmarx, Fortify, Veracode, Burp Suite, or similar tools.

• Understanding of Zero Trust, Cloud-based and hybrid architectures.

• Strong-analytical and problem-solving skills with the ability to work in a fast-paced agile environment.

Preferred Qualifications:

• Experience in regulated industries (finance, healthcare, manufacturing, etc.) applying regulatory regulations and/or security frameworks under a quality management process.

• Hands -on knowledge of threat modeling methodologies (STRIDE, DREAD, etc.)

• Experience in a laboratory setting, veterinary clinics, healthcare or related systems.

• Experience communicating complex security concepts effectively (technical, non-technical and executive level audiences).

• Experience and knowledge working with encryption algorithms and a Public-Key Infrastructure (PKI) solutions.

• Knowledge of cloud security best practices for AWS, GCP and Azure.

• Experience with container security (Docker, Kubernetes) a plus.

• Relevant certifications such as CISSP, CSSLP, CEH, OSCP, GIAC GWAPT are highly preferred. Microsoft Azure certifications including Microsoft Certified-AZ-500, AZ-505, AZ-400, SC-900 are a plus.

• Experience working in a regulated (FDA, MDR) environment with medical instrumentation is a plus.

Physical Demands:

• Extensive sitting, phone, and computer use

• Extend and reach with hands and arms and use hands and fingers

• Occasionally required to bend, kneel, stoop, or crouch

• May be required to lift, move, and carry up to 15 lbs.

• Specific vision abilities required including close vision, color vision, depth perception, and the ability to adjust focus.

• Hearing ability to effectively communicate via the telephone and in person

• Ability to communicate verbally on the telephone and in person

• Fluency in the English language

• Extended hours may be needed

Work Environment:

The employee will primarily work in a typical office environment including use of cubicles, computers and overhead lighting. Temperature extremes will be minimal to nonexistent. The noise level in the work environment is usually moderate.  The employee will be required to use a computer, spreadsheets, database management, email, and the Internet.  The employee is frequently required to use a calculator; fax, copy machine, and phone system. 

About Antech

Antech is a leader in veterinary diagnostics, driven by our passion for innovation that delivers better animal health outcomes. Our products and services span 90+ reference laboratories around the globe; in-house diagnostic laboratory instruments and consumables, including rapid assay diagnostic products and digital cytology services; local and cloud-based data services; practice information management software and related software and support; veterinary imaging and technology; veterinary professional education and training; and board-certified specialist support services.

Antech offers an industry competitive benefits package and continues to invest in and evolve benefits programs that meet the health, wellness and financial needs of our associates.

• All Full-time associates are eligible for the following benefits and more:

• Paid Time Off & Holidays

• Medical, Dental, Vision (Multiple Plans Available)

• Basic Life (Company Paid) & Supplemental Life

• Short and Long Term Disability (Company Paid)

• Flexible Spending Accounts/Health Savings Accounts

• Paid Parental Leave

• 401(k) with company match

• Tuition/Continuing Education Reimbursement

• Life Assistance Program

• Pet Care Discounts

We are proud to be an Equal Opportunity Employer - Veterans / Disabled. For a complete EEO statement, please see our Career page at Antech Careers.

Note to Search Firms/Agencies

Antech Diagnostics, Inc. and its subsidiaries and affiliates (Antech) do not compensate search firms for unsolicited assistance unless they have a written search agreement with Antech and the requisition is position-specific. Any resumes, curriculum vitae, and other unsolicited assistance from search firms that do not have a written search agreement or position-specific requisition submitted to any Associate of Antech will be deemed the sole property of Antech and no fee will be paid in the event the candidate is hired by Antech.