Principal Product Cybersecurity Engineer

Job Description

Under direction of the Executive Director of Systems Engineering, this position is responsible for leading the cybersecurity design, development, documentation and execution of product design and test strategies and meet the published system requirements and are compliant with Quality System Regulations.

Job Duties

• Coordinates and drives product development and implementation teams in the requirements, specification, development, verification, and deployment of security measures in new, currently marketed, and legacy products, which run Linux or Windows operating systems.
• Proposes solutions and defines the technical direction for product security development efforts. Shares responsibility for ensuring secure architecture designs.
• Owns the development and execution of security plans and product security specifications for new products.
• Performs vulnerability scans on software prior to release.
• Leads cybersecurity risk management activities, including threat modeling and vulnerability assessments. Works with the product team to specify risk controls based on the calculated CVSS scores.
• Participates in design and code reviews to identify security-related issues and recommends design changes as appropriate.
• Assists development teams in penetration and fuzz testing of new products containing software.
• Implements security code and configuration within products and supporting infrastructure.
• Responsible for customer-facing product security documents such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security).
• Provides support on product security issues and questions that are escalated to Engineering.
• Develops awareness of security concerns, shares best engineering practices, and creates/updates procedures to ensure compliance.
• Assists with creating and maintaining facility-level procedures and work instructions for the cybersecurity program.
• Coordinates the response to cybersecurity incidences.
• Supports product teams in implementing and verifying security measures by providing guidance, helping to establish security measures, and applying appropriate tools.
• Champions continued improvement of security-related processes and tools. Collaborates with other facilities and corporate to facilitate improvements.
• Provides training on product security to internal teams.
• Continuously expands knowledge and expertise in cybersecurity.
• Remains abreast of the evolving regulatory guidance, legislation, and industry standards applicable to medical device and healthcare IT cybersecurity (e.g., CVSS, ISO, IEC, NIST, AAMI, FDA, HIPAA, GDPR, DoD RMF guidance/standards).
• Identifies and evaluates new technologies and tools related to security.
• Proposes solutions and helps define the future technical direction for product security.

Job Qualifications

Required:

• BS Degree in Computer Science, Information Assurance, Computer Networking, and other related fields. Cybersecurity Bootcamp graduates with a bachelor’s degree in other areas will be considered
• Minimum 9 years of professional experience within Information Technology, Software Development or related field. Must have proven Linux and networking/infrastructure experience.
• Minimum 7 years of working knowledge and understanding of security engineering, system and network security, authentication and application security. Including multiple combinations of the following: Software development processes and secure coding; Developing security procedures and product security specifications; Secure web and server-side application development Identity management, authentication, DDKG, cryptography, and encryption, including data encryption in transfer and at rest; System administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates Vulnerability/penetration testing TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols.

Preferred:

• General knowledge of medical device standards, security standards and test methods.
• Strong Analytical and problem solving skills.
• Self-motivated person that can work individually and lead team projects.
• Ability to express ideas clearly both in written and oral communications.
• Ability to analyze technical requirements and develop well-structured solutions.

#LI-Hybrid