Component Security Engineer
3M has a long-standing reputation as a company committed to innovation. We provide the freedom to explore and encourage curiosity and creativity. We gain new insight from diverse thinking and take risks on new ideas. Here, you can apply your talent in bold ways that matter.
Collaborate with Innovative 3Mers Around the World
Choosing where to start and grow your career has a major impact on your professional and personal life, so it’s equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a diversity of people, global locations, technologies and products, 3M is a place where you can collaborate with 93,000 other curious, creative 3Mers.
“The impact 3M has on people’s lives and communities around the globe is amazing. As the leader of 3M’s global community giving, I am incredibly proud to be part of and work alongside 3Mers, community partners and customers committed to making positive social change.” – Michael Stroik, director of 3Mgives
The Impact You’ll Make in this Role:
The software component security engineer will be joining the Digital Science Community (DSC) as a security expert focused on ensuring the quality of externally sourced software components used within corporate projects. This area is also known as library, open-source software (OSS), or bill of material (BofM) security. The engineer in this role will help teams meet code security standards for projects supported by the DSC and throughout the broader 3M company.
One of the exciting opportunities in this position is the chance to work with a new team that has a positive collaborative environment with lots to do and lots to build around the globe. You will get to work in a cloud environment featuring advanced development workflows, automated control enforcement, and other industry leading capabilities. You will make a difference as a healthcare cyber security practitioner by protecting solutions that improve health outcomes and create more time for doctors to care for patients.
Primary Responsibilities include, but are not limited to, the following:
Implement test processes and procedures to ensure software meets component security requirements.
Work with product owners and developers to improve component security and quality.
Provide subject matter expertise on software components including recommended distribution and management methods.
Manage software applications that support the function, including scanners, and assist teams with build environment integration & ongoing technical support of those tools.
Monitor the overall posture of software component quality and provide recommendations for improvement.
Create & maintain technical documentation relating to code components.
Actively participate in relevant corporate programs/initiatives, comply with professional and quality standards, follow corporate policies and procedures, and act in a manner consistent with 3M’s values and ethical standards.
Bachelor’s degree or higher (completed and verified prior to start) from an accredited institution
Minimum of 2+ years of experience as a security-influenced developer or security engineer with code security responsibilities.
Familiarity with enterprise software component scanning tools such as Black Duck, WhiteSource or Snyk.
Knowledge of the Software Development Lifecycle (SDLC), including experience with DevOps or similar highly integrated work environments.
Experience with cloud environments, service-oriented architectures, and complex enterprise environments.
Bachelor's Degree or higher from an accredited university.
MCSD, AWS certified engineer, or similar certifications.
Familiarity with Agile development methodologies and sprint planning.
Familiarity with source code management systems (particularly Git/GitHub) and approving pull requests.
Experience with Cloud Computing platforms (particularly AWS).
Deep knowledge of OWASP Top 10 and SANS Top 25 vulnerabilities.
Proven experience with enterprise software component scanning tools such as Black Duck, WhiteSource or Snyk.
Comfortable reviewing component scan results with development teams and negotiating concerns professionally.
Experience with Jenkins, Maven, Docker, Kubernetes, or other build components.
Working at 3M
Unleash your potential.
Our success depends on the energy of our employees and the high quality of their leadership. Most of all it depends on their continuous improvement.
From sales to manufacturing to marketing to engineering, if you're committed to expanding your knowledge and gaining leading-edge skills, this is the place to do it. Professional development at 3M includes excellent training, continuing educational support, mentorship from smart, experienced people and more.
Move up - or move in new directions.
You'll find a strong promote-from-within culture here; it's an important aspect of our emphasis on learning and professional growth. You may also move between business units or even, potentially, to different locations around the world. That's one of the many advantages of our diverse business model and global reach.
Apply now for this fantastic opportunity with 3M!
At 3M, diversity & inclusion are essential to innovation. We seek and value differences in people!
As an equal opportunity employer, 3M will not discriminate against any applicant.
If you want to discover more about D&I at 3M, please visit http://go.3M.com/4i9C
Must be legally authorized to work in country of employment without sponsorship for employment visa status (Stamp 4 or EU citizen).