Staff Product Security Engineer

Company: Butterfly Network
Location: New York
Posted on: April 28, 2024

Job Description:

Company Description
Butterfly Network's vision is to enable a world in which all people, everywhere, get the right care, driven by the right clinical decisions at the right time. We reinvented ultrasound technology by creating the world's first handheld, single-probe whole-body ultrasound system: the Butterfly iQ. This innovative technology reduces the cost of the traditional ultrasound system by miniaturizing it onto a single semiconductor silicon chip. -
Butterfly harnesses the advantages of AI and cloud computing to deliver advanced imaging that is easy-to-use and built for the digital era. The Butterfly iQ and next-generation Butterfly iQ+ have received CE Mark and FDA clearance, and are being sold in hospitals and clinics around the globe.
Joining Butterfly Network is the opportunity to redesign the future of healthcare through the power of technology. Embark on a journey with us to maximize global impact, motivated by the idea that our products will change the lives of millions along with the people you love.
Job Description
Butterfly's Product Security team works on a secure-by-design principle and is responsible for the security of our product and cloud environments. In this role, you will have the opportunity to work with cross-functional teams as a security subject matter expert (SME). You will work on proactively identifying security risks within our environment, mitigating them through the design, implementation, and improvement of security controls. -
As we scale our business internationally and engage with larger enterprises, security has never been more important to our company and to the patients we help every day.
As part of our team, your core responsibilities will be: -

• 
  
• Drive adoption of security best practices as part of the product development lifecycle.
  
• Work with internal teams, vendors, and partners to identify, architect, and advance security at Butterfly.
  
• Develop technical solutions to help mitigate security risks and vulnerabilities.
  
• Perform technical security assessments, threat modeling, code audits, and design reviews with engineers to help ensure effective and secure development practices.
  
• Assist in the implementation of security-related product features like authentication, cryptography, etc.
  
• Review vulnerability and penetration testing, present assessment reports to clearly detail security findings and work with developers to remediate the issues identified.
  
• Participate actively in product design meetings providing insight and direction related to application security risks.
  
• Monitor security compliance to information security policies and standards.
  
• Assist in the implementation and operation of DAST/SAST/SCA/WAF solutions.
  
  Qualifications
  Baseline skills/experiences/attributes:
  
  • 
    
  • BS degree in related field or equivalent experience. An MS degree in a related field or equivalent experience is a plus.
    
  • Minimum 10+ years of experience in core security domains such as Application Security, Cloud and Network Security, - Vulnerability Management, etc.
    
  • Strong understanding of secure engineering concepts such as secure coding practices and secure code reviews, threat modeling, and the ability to identify, mitigate and prevent threat vectors.
    
  • Development experience and excellent understanding in mitigating OWASP Top 10 attacks on applications, cryptography and key management, PKI, TLS/SSL, DDoS mitigation, authentication, authorization & application security.
    
  • Application penetration testing experience.
    
  • Continuous Monitoring (Con-Mon) Analysis and Reporting of performance KPIs and KRIs
    
  • Familiar with serverless computing such as AWS Lambda and container implementations with EKS, Kubernetes, etc.
    
  • Experience leading design and security reviews of cloud-based systems.
    
  • Ability to work closely with hardware, software, and cloud engineers.
    
    Ideally, you also have these skills/experiences/attributes (but it's ok if you don't!):
    
    • 
      
    • CISSP, OSCP, GIAC, and/or AWS Certified Security Specialty.
      
    • Hands-on knowledge of global regulatory and privacy requirements as they relate to NIST framework, GDPR, HITRUST, SOC2, and ISO27001.
      
      Location
      At Butterfly we offer a hybrid work environment. For most employees, this means part time in the office (two or more days a week). Based on functional responsibilities and equipment needs, certain roles will - require full time on-site support, and select roles will be eligible to be remote. -
      Our preference is to have this role be Hybrid and based out of our NYC office. However, this role is also eligible to be Remote. -
      (Please note for all roles not based in our NYC office, we are only able to employ in the following states: AL, AZ, CA, CO, CT, DE, FL, GA, IL, IN, KS, KY, MA, MD, ME, MI, MN, MO, MT, NC, NE, NH, NJ, NM, NY, OH, OK, PA, SC, TN, TX, UT, VA, VT, WA,WI or WY. Please only apply if you are based in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.)
      
      Benefits and Perks
      
      • 
        
      • Fully covered medical insurance plan (with dental & vision) - as a health-tech company, we place great worth on our teams' well-being
        
      • 401k plan and match - we facilitate your retirement goals
        
      • Unlimited Paid Time Off + 15 Holiday Days a Year - recharge and come back ready to make an impact
        
      • Parental Leave - for eligible employees, we provide a generous 10-week parental leave and additional 6-8 weeks pregnancy-related leave for birthing parents. -
        
      • Competitive salaried compensation - we value our employees and show it -
        
      • Equity - we want every employee to be a stakeholder
        
      • The opportunity to build a revolutionary healthcare product and save millions of lives! -
        
        Compensation -
        Our estimated salary for this role in NYC is between $170,000 - $200,000 + bonus + equity + benefits. Actual pay is determined by multiple factors such as skills, qualifications, experience and market demand.
        
        For this role, we are only considering candidates who are legally authorized to work in the United States and who do not now or in the future require sponsorship for employment visa status.
        Butterfly Network does not accept agency resumes. -
        Butterfly Network is an E-Verify Company. -
        Butterfly Network is an equal opportunity employer. - Regardless of race, traits associated with race, color, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability or Veteran status. All your information will be kept confidential according to EEO guidelines.
        
        #LI-KG1
        #LI-Remote

Keywords: Butterfly Network, West New York , Staff Product Security Engineer, Engineering , New York, New Jersey