A global medical device manufacturer is seeking a cybersecurity product engineer to assist in the design and management of medical devices and cloud-based solutions.
Will work on application security design specifications and testing. This position will be performing penetration testing, vulnerability scanning and source code scanning on medical devices and cloud services.
This position will report to the Director of Global Product Privacy and Security.
Perform penetration testing on medical devices and cloud-based products across multiple global medical devices manufactures.
Assist R&D teams in using various cybersecurity tools for vulnerability assessments and source code scanning.
Active role in the definition and evolution of cybersecurity standard practices and procedures.
Assist R&D teams with developing threat modeling of medical devices.
Work on Proof of Concepts (POC) for new cloud security technologies.
Assist product development teams with security guidance and expertise.
Review risk assessment documentation for conformance to a set of security requirements.
Write technical assessments based on analysis of hardware and software designs.
Perform feasibility testing on security programs.
Monitor and analyze security alerts / logs and information.
Bachelor’s degree in Computer Science, Computer Engineering or other related discipline; equivalent experience may be acceptable.
Knowledge of cryptography technologies.
Proficient with common security tools (Metasploit, Nexpose, Nessus, burpsuite, nmap, netcat, hping3)
Can comprehend specifications, architectural and high level design, functional specifications and source code.
Proficient in written and verbal communication.
Ability to multitask and work on multiple projects.
Three to five years’ experience working with cloud services.
Familiar with open source technology, software development and scripting languages.
Security certifications such as CISSP, OSCP, CCSP, CEH, GIAC, CISA a plus.
Excellent knowledge of Information Security standards, frameworks, and best practices for large corporate environments.
Experience managing information security in a medical devices manufacturing environment is preferred.
Direct experience with SOX, HIPAA, FDA, Safe Harbor and other security and privacy governance is preferred.