Job Description

A Day in the Life

Lead and perform product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation. Develop and perform product-level intrusion detection activities. Lead product risk assessments in conjunction with product R&D teams and develop and recommend specific security controls for product/system wide security needs. Participate in the creation and testing of product security-related requirements and processes. Manage security-related deliverables for regulatory bodies, ensuring compliance with key standards / guidance documents. Evaluate and test security risks on programs across the entire development lifecycle, including market-released products. Support emerging cybersecurity certification initiatives. Maintain and update security documentation. Create and maintain threat models using STRIDE.

Must Have: Minimum Requirements

An undergraduate (bachelors) or graduate degree in computer science, computer engineering, electrical engineering, or similar discipline. CISSP or similar certification, or sufficient demonstrated experience Experience in embedded devices vulnerability assessment, especially medical devices and Threat Modelling and risk scoring Formal education in cybersecurity and information assurance. Minimum 12-year experience & 4 years of technical, cybersecurity-related experience, Experience in analyzing security posture and vulnerability assessment experience in penetration testing, fuzz testing of Web, enterprise cloud and Desktop solutions, (Black box, gray box and Whitebox testing) Experience in static code analysis for security vulnerability Software Product Development experience, Programming skills in one or more of the following: C, C++, Python, Java, .NET, Go, Ruby and/or Scala Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity Demonstrated understanding of information security practices, risk management processes, cybersecurity principles, and incident response methodologies

Nice to Have

:


Experience as an analyst, engineer, developer, or architect with core cybersecurity responsibility and knowledge in two or more of the following areas: Experience in leading application architecture reviews and threat assessments Cloud systems architecture and security Enterprise and local network infrastructure security Experience in code reviews and/or penetration testing Large-scale application architecture and security Mobile device application architecture and security Risk assessments and cybersecurity regulatory requirements Experience in static and dynamic code analysis tools and methodologies Medical devices and systems security experience Security incident management experience Log event management and searching experience (Splunk, Sentinel, or similar) In-depth OS systems-level experience within one or more of the following: Linux, Windows, Android, iOS Demonstrated understanding of networking (ports/protocols), firewalls, load balancers and IPS Expertise in Agile and can work with at least one of the common frameworks Experience in Healthcare industry or other heavily regulated industry. Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity Experience with container technologies such as Docker, Kubernetes, Mesos, or Open Container Initiative (OCI) Demonstrated ability to develop and grow productive, trusting, and open relationships with a wide variety of constituencies. Demonstrated leadership and teamwork skills Demonstrated ability to communicate complexity in a clear manner Demonstrated experience interfacing with customers and other external stakeholders regarding cybersecurity system design and behavior * Demonstrated strong analytical, problem-solving skills