Information Security Lead jobs at Philips in India, Bengaluru

Information Security Lead

As a Senior Information Security Manager, you will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and mitigating risks to the organization's information assets. Information Security Manager will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality.

You're the right fit if:

• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.
• Overall Enterprise IT Security experience of 15+ yrs or more.
• Security Certifications such as CISSP, CISM, CISA, CIPP etc. are preferred.
• Should have a senior level in the domain of Security & operations management
• Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, lack of criminal convictions etc.), willing to undergo vetting and/or personality assessments to verify this if necessary
• Typically a background in technical security roles or operations, with a clear and abiding interest in security

This role is an office role.

We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about .
• Discover .
• Learn more about .
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care .

Your role:

• Guides the evaluation of current cybersecurity principals, processes, and controls, and leads the evaluation of new technology using existing standards and frameworks
• Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors.
• Works with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
• Serves as function-wide subject matter expert in one or more areas of focus
• Actively contributes to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Software Development Life Cycle
• Influences peers and project decision-makers to consider the use and application of leading-edge technologies
• Adds to team culture of diversity, equity, inclusion, and respect.
• Perform and develop strategic cyber security roadmaps for the products and services.
• Conduct threat modeling and architectural assessments of applications to encompass all aspects of information security, ensuring security by design.
• Document identified threats and provide corresponding mitigation strategies.
• Evaluate technologies and solutions to enhance security capabilities.
• Identify security gaps and communicate associated business risks to relevant stakeholders.
• Provide solutions aligned with business needs, considering security and compliance requirements.
• Verify the effectiveness of security controls in mitigating identified risks.
• Assist engineering projects throughout the Secure Software Development Life Cycle (SSDLC) and collaborate to effectively prioritize product security elements.

.
You're the right fit if:(4 x bullets max)

• Formal training or certification on Cybersecurity concepts and 10+ years applied experience
• Hands-on practical experience high quality threat models and knowledge of MITRE framework, STRIDE framework and kill chains.
• Proficient in Cryptographic Security Controls (Key Management Systems).
• Strong knowledge of information security principles, security architectures, frameworks, standards, and emerging threats, with the ability to implement effective mitigation strategies.
• Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts.
• Familiarity with regulatory requirements and compliance standards (NIST, ISO 27001, GDPR, FDA, HIPPA).
• Expertise in cloud computing and its associated best security practices, covering applications, infrastructure, storage, platforms, and data security.
• Hands-on experience in performing threat modeling for applications, identifying threats, and suggesting optimal mitigation strategies.
• Strong understanding of threat modeling methodologies (e.g., STRIDE, DREAD, PASTA).
• Proficiency in using threat modeling tools (e.g., Microsoft Threat Modeling Tool, Threat Modeler, OWASP Threat Dragon).
• In-depth knowledge of common security vulnerabilities (e.g., OWASP Top Ten, CVEs) and attack vectors.
• Must have experience in architecting and securing Cloud Computing Platforms such as Azure or AWS.
• Architecture & Networking , Identity & Access Management, Securing the CI/CD Pipeline, Secrets and Data Protection, logging and monitoring and Security controls for Containers(e.g., Dockers, Kubernetes).
• Excellent communication and interpersonal skills, with the ability to interact with stakeholders at all levels and explain complex security concepts in an easily understandable manner.
• Good understanding of relevant laws, regulations, and industry standards

We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about .
• Discover .
• Learn more about .
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care .

Product Security Engineer

Primary Roles and Responsibilities:

• Participate in the development of life saving devices and applications with focus on product security.
• Drive the definition, plan, and implementation of the overall security strategy, standards, processes, and procedures, which meet or exceed customer expectations and applicable processes & standards in collaboration with the Product Security Office.
• Perform security assessments in accordance with the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST).
• Actively participate in applying cyber security best practices to product development projects including cloud, application, and embedded software systems.
• Conduct or oversee technical aspects of security risk assessments and compliance audits, the evaluation and testing of firmware and software for possible impacts upon system security, and the investigation and resolution of security incidents.
• Conduct risk analyses for vulnerabilities, create threat models, perform penetration testing.
• Integrate security best practices and controls throughout the Software Development Life Cycle (SDLC).
• Function as technical lead during a security incident, determining the cause of the incident(s), performing incident response activities and forensics analysis of security incidents.
• Participate in architecture, design, and code reviews to provide security related feedback and guidance.
• Create engineering documentations to comply with product development policies, practices, and procedures.
• Working closely with regulatory bodies to support enquiries, own security related documentation and deliverables ensuring compliance with key standards/guidance documents.
• Liaison with the Product Security & Services Office (PSSO) and review applicability of impact to released or in development products regarding Product Security Advisory notices issued by the PSSO

Key Knowledge, skills and abilities required:

• BS/MS/PhD degree in Cyber Security, Systems Security, Computer Science, Computer Engineering, or equivalent
• 10+ years of job experience in a Cyber Security related position
• 5+ years of job experience in the design and development of secure software applications
• Experience with security hardening and analysis across cloud (e.g. AWS), Windows, embedded, and Linux environments/applications
• Familiar with secure coding standards
• Familiar with vulnerability testing, fuzz-testing and related scanning tools Penetration testing and tools experience
• Familiarity with OWASP methodology and tools for web application security testing.
• Strong communication and analytical skills, able to effectively communicate with people at all levels
• Forensics analysis
• Certifications such as:
  • Certified Information System Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Cloud Certified Security Professional (CCSP)
• Excellent written and verbal communication skills
• Good learning aptitude

Key Knowledge, skills, and abilities desired:

• Preferred experience in the medical, health industry, or similar regulated industries using Risk Management Framework (Finance, Military, etc.)
• Preferred experience driving product development through RMF (Risk Management Framework)
• Preferred familiarity with Department of Defense Information Assurance Architecture
• Working knowledge of C, C++, C#
• Working knowledge of real time systems

Onsite roles require full-time presence in the company’s facilities.Indicate if this role is an office/field/onsite role.
• Learn more about .
• Discover .
• Learn more about .

Job title:

Senior Software Technologist - Security

Your role:

• Utilizes specialized knowledge to manage and address a diverse range of security issues and projects within the team, applying in-depth expertise to identify, analyze, and resolve complex security challenges, ensuring effective solutions and enhanced protection for the organization.
• Works under limited supervision and broad guidelines, using independent judgment to make decisions on significant compliance matters and navigate complex situations effectively.
• Examines potential security breaches by assessing the nature and scope of the threat, coordinate an effective response to mitigate immediate impacts, and recommend comprehensive corrective actions to address identified vulnerabilities.
• Identifies key performance indicators (KPIs) for information security, providing detailed reports and analysis to assess the effectiveness of security measures, and ensure alignment with organizational security objectives.
• Tracks service levels related to information security, providing detailed analyses and reports on security service performance, incidents, and issues to ensure optimal security operations and compliance with established standards.
• Monitors the health and performance of security services, investigating incidents and driving their resolution, coordinating with vendors and other stakeholders to ensure effective service execution and mitigate security issues.
• Assists in the evaluation of both new and existing applications by participating in security reviews, ensuring that they meet established security standards and identifying potential vulnerabilities that need to be addressed.
• Reviews security policies, procedures, and related documentation to ensure effectiveness, incorporate best practices, address emerging threats, and align with organizational needs and compliance requirements, maintaining a robust and adaptive security framework.
• Develops effective relationships with internal teams and external partners to collaboratively resolve security-related issues, refine procedures, and enhance security outcomes in alignment with organizational goals.

You're the right fit if:

• Bachelor's / Master's Degree in Computer Science, Information Technology, Cybersecurity or equivalent.
• Minimum 8-10 years of experience in areas such as Security Architecture, Network Security, Cybersecurity Technology, Information Security or equivalent
• Experience in cloud and/or application security
• Possess strong knowledge of cloud architectures and security best practices
• Hands-on experience with Infrastructure as Code tools, particularly Terraform
• Show proficiency in secure coding practices and OWASP Top 10
• Have at least one hands on experience participating in security compliance (industry regulation, ISO27001, SOC2)
• Relevant cloud security certifications (e.g., CCSP, AWS Security)
• Experience with healthcare industry security requirements
• Expertise incloud-native security tools
• Strong open source culture, and “automation first” mindset.
• Autonomous, rigorous, team-oriented, and driven by meaningful projects.

We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about .
• Discover .
• Learn more about .
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care .

Product Security Engineer

Primary Roles and Responsibilities:

• Participate in the development of life saving devices and applications with focus on product security.
• Drive the definition, plan, and implementation of the overall security strategy, standards, processes, and procedures, which meet or exceed customer expectations and applicable processes & standards in collaboration with the Product Security Office.
• Perform security assessments in accordance with the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST).
• Actively participate in applying cyber security best practices to product development projects including cloud, application, and embedded software systems.
• Conduct or oversee technical aspects of security risk assessments and compliance audits, the evaluation and testing of firmware and software for possible impacts upon system security, and the investigation and resolution of security incidents.
• Conduct risk analyses for vulnerabilities, create threat models, perform penetration testing.
• Integrate security best practices and controls throughout the Software Development Life Cycle (SDLC).
• Function as technical lead during a security incident, determining the cause of the incident(s), performing incident response activities and forensics analysis of security incidents.
• Participate in architecture, design, and code reviews to provide security related feedback and guidance.
• Create engineering documentations to comply with product development policies, practices, and procedures.
• Working closely with regulatory bodies to support enquiries, own security related documentation and deliverables ensuring compliance with key standards/guidance documents.
• Liaison with the Product Security & Services Office (PSSO) and review applicability of impact to released or in development products regarding Product Security Advisory notices issued by the PSSO

Key Knowledge, skills and abilities required:

• BS/MS/PhD degree in Cyber Security, Systems Security, Computer Science, Computer Engineering, or equivalent
• 6+ years of job experience in a Cyber Security related position
• 3+ years of job experience in the design and development of secure software applications
• Experience with security hardening and analysis across cloud (e.g. AWS), Windows, embedded, and Linux environments/applications
• Familiar with secure coding standards
• Familiar with vulnerability testing, fuzz-testing and related scanning tools Penetration testing and tools experience
• Familiarity with OWASP methodology and tools for web application security testing.
• Strong communication and analytical skills, able to effectively communicate with people at all levels
• Forensics analysis
• Certifications such as:
  • Certified Information System Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Cloud Certified Security Professional (CCSP)
• Excellent written and verbal communication skills
• Good learning aptitude

Key Knowledge, skills, and abilities desired:

• Preferred experience in the medical, health industry, or similar regulated industries using Risk Management Framework (Finance, Military, etc.)
• Preferred experience driving product development through RMF (Risk Management Framework)
• Preferred familiarity with Department of Defense Information Assurance Architecture
• Working knowledge of C, C++, C#
• Working knowledge of real time systems

Onsite roles require full-time presence in the company’s facilities.Indicate if this role is an office/field/onsite role.
• Learn more about .
• Discover .
• Learn more about .

Your role:

• Implementation of the Test Automation roadmap, including new tools and platforms
• Create automation frameworks as necessary. Identify and evaluate state of the art tools to continuously improve the test automation framework and process.
• Work with product owner to define program increment and sprint scope.
• Design the features, define and write automation steps against the specification
• Defining and realizing the needed IT infrastructure for Test Automation, working closely with DevOps to enable faster deployments and quicker feedback
• Driving automation on multiple programs, building test strategies and experience in driving technology decisions mainly on technical aspects and technical tradeoffs
• Technical lead of the Test Automation team
• Leading Cyber Security Testing for EC informatics products
• Showcasing knowledge on performance, reliability and load testing through automation.
• Coaching and mentoring team members on automation and processes.
• Having expertise in development, testing and debugging skills
• Own up the environment setup and upkeep of the same.

You're the right fit if:

• Bachelor’s degree in Computer Science, Engineering, or related field.
• 8+ years of proven experience in automated testing for both web and mobile apps .
• Hands-on expertise in Selenium WebDriver, Appium, Java/Python/JavaScript , or similar.
• Strong understanding of test frameworks (JUnit, TestNG, BDD tools like Cucumber).
• Experience with cross-browser and cross-platform testing tools (e.g., BrowserStack, Sauce Labs).
• Familiarity with REST API testing tools such as Postman, Rest Assured.
• Experience with version control systems (Git), bug tracking tools (DevOps, JIRA), and test management tools (DevOps, TestRail, Zephyr).
• Experience in developing and implement test automation frameworks, scripts, and processes, ensuring they are scalable and maintainable.
• Contribute to the development of overall testing strategies, including identifying areas for automation and determining the scope of automated testing.
• Evaluate and recommend appropriate tools and technologies for automated testing
• Knowledge of Agile/Scrum development processes.
• Strong analytical and troubleshooting skills.
• Excellent communication and leadership abilities.

Preferred Qualifications:

• ISTQB Certification or equivalent.
• Experience in performance testing (e.g., JMeter).
• Knowledge of containerized environments (e.g., Docker) and cloud platforms (AWS, Azure).
• Exposure to TDD/BDD and shift-left testing strategies.

This role is an office-based role.

We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about .
• Discover .
• Learn more about .

Sr. Information Security Manager

As a Senior Information Security Manager, you will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and mitigating risks to the organization's information assets. Information Security Manager will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality.

You're the right fit if:

• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.
• Overall Enterprise IT Security experience of 15+ yrs or more.
• Security Certifications such as CISSP, CISM, CISA, CIPP etc. are preferred.
• Should have a senior level in the domain of Security & operations management
• Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, lack of criminal convictions etc.), willing to undergo vetting and/or personality assessments to verify this if necessary
• Typically a background in technical security roles or operations, with a clear and abiding interest in security

This role is an office role.

We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about .
• Discover .
• Learn more about .
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care .