Responsibilities | - Lead and perform product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation.
- Define and implement vulnerability remediation, risk mitigation process and reporting
- Implement remediation and mitigation of security vulnerabilities by applying network, server and application security controls
- Develop and perform product-level intrusion detection activities
- Lead product risk assessments in conjunction with product R&D teams and develop and recommend specific security controls for product/system wide security needs
- Participate in the creation and testing of product security-related requirements and processes.
- Manage security-related deliverables for regulatory bodies, ensuring compliance with key standards and regulatory requirements
- Evaluate and test security risks on programs across the entire product development lifecycle, including market-released products
- Support emerging cybersecurity certification initiatives
- Lead application architecture reviews and threat assessments
Responsibilities may include the following, and other duties may be assigned.
- Performs technical planning, system integration, verification and validation, evaluates alternatives including cost and risk, supportability and analyses for total systems
- Analyses are performed at all levels of total system product to include: concept, design, fabrication, test, installation, operation, maintenance and disposal
- Ensures the logical and systematic conversion of product requirements into total systems solutions that acknowledge technical, schedule, and cost constraints
- Performs functional analysis, timeline analysis, detail trade studies, requirements allocation and interface definition studies to translate customer requirements into hardware and software specifications
|
Relevant Skills / Experience | - An undergraduate (bachelors) or graduate degree in computer science, electrical engineering, or similar discipline
- CISSP or similar certification, or sufficient demonstrated experience and/or formal education in cybersecurity and information assurance
- Minimum of 7 years of technical, cybersecurity-related experience, or advanced degree with a minimum of 5 years' experience
- Demonstrated leadership and teamwork skills
- Demonstrated ability to communicate complexity in a clear manner
- Demonstrated experience interfacing with customers and other external stakeholders regarding cybersecurity system design and behavior
- Demonstrated strong analytical and problem-solving skills
- Medical and/or IoT embedded device security and systems/stack experience
- Strong knowledge of cloud systems architecture and security models (AWS/Azure)
- Enterprise and local network infrastructure security
- Experience in large-scale (Enterprise) application/security architecture design and code reviews, including penetration and vulnerability testing
- Mobile device application architecture and security
- Risk and threat assessments and cybersecurity regulatory requirements
- Experience in static and dynamic code analysis tools and methodologies
- Must have the ability to understand and analyze PCAP, CVSS, and MITRE
- Expertise in Agile team settings and ability to work with at least one of the common frameworks
- Experience in Healthcare and/or Medical Device industry or other heavily regulated industries
- Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity
- Experience with container technologies such as Docker, Kubernetes, Mesos, or Open Container Initiative (OCI)
- Demonstrated ability to develop and grow productive, trusting, and open relationships with a wide variety of constituencies and stakeholders
|