Senior Cyber Security Manager

Job Description

Under direction of the Executive Director of Systems Engineering, this position is responsible for managing the cybersecurity team through the design, development, documentation and execution of product design and test strategies. Ensuring the team meets the published system requirements and are compliant with Quality System Regulations.

As a Senior Cyber Security Manager in OSTA, you will join our systems team to help manage, coach, and lead our cyber security team to ensure that the products comply to IEC81001-1-5. In this role, you will work together with the Cyber Security CoE team, the Cyber Security team within quality and the design teams within OSTA to deliver all required documentation for product release. It is expected that you utilize your full range of skills including people management, Cyber Security analysis and test methods and partnerships to dive harmonization of tools and methods across all regions.

Job Duties

• Coach, manage, lead and grow a talented team of cyber security engineers in the US and India that consistently delivers on projects.
• Provide support and be the interface to the CoE team supporting all workstreams relating to the Cyber Security corporate strategy.
• Support the policy definition with all regions.
• Coordinates and drives product development and implementation teams in the requirements, specification, development, verification, and deployment of security measures in new, currently marketed, and legacy products, which run Linux or Windows operating systems.
• Support all vendors in ensuring delivery of their cyber security deliverables.
• Proposes solutions and define the technical direction for product security development efforts. Shares responsibility for ensuring secure architecture designs.
• Owns the development and execution of security plans and product security specifications for new products.
• Performs vulnerability scans on software prior to release.
• Leads cybersecurity risk management activities, including threat modelling and vulnerability assessments. Works with the product team to specify risk controls based on the calculated CVSS scores.
• Participates in design and code reviews to identify security-related issues and recommends design changes as appropriate.
• Evaluate and harmonize tools:  e.g. Veracode, Black Duck, Cybellum, Polaris, Cyclone DX, SASI, DAST, Splunk, Qradar.
• Assists development teams in penetration and fuzz testing of new products containing software.
• Implements security code and configuration within products and supporting infrastructure.
• Responsible for customer-facing product security documents such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security).
• Provides support on product security issues and questions that are escalated to Engineering.
• Develops awareness of security concerns, shares best engineering practices, and creates/updates procedures to ensure compliance.
• Assists with creating and maintaining facility-level procedures and work instructions for the cybersecurity program.
• Coordinates the response to cybersecurity incidences.
• Supports product teams in implementing and verifying security measures by providing guidance, helping to establish security measures, and applying appropriate tools.
• Champions continued improvement of security-related processes and tools. Collaborates with other facilities and corporate to facilitate improvements.
• Provides training on product security to internal teams with the support of the CoE.
• Continuously expands knowledge and expertise in cybersecurity.
• Remains abreast of the evolving regulatory guidance, legislation, and industry standards applicable to medical device and healthcare IT cybersecurity (e.g., CVSS, ISO, IEC, NIST, AAMI, FDA, HIPAA, GDPR, DoD RMF guidance/standards).
• Identifies and evaluates new technologies and tools related to security.
• Works with other regions to harmonize approach across all regions
• Proposes solutions and helps define the future technical direction for product security.

Job Qualifications

Required:

• BS Degree in Computer Science, Information Assurance, Computer Networking, and other related fields.
• Cybersecurity Bootcamp graduates with a bachelor’s degree in other areas will be considered.
• A minimum of 10 years of professional experience within Information Technology, Software Development or related field. Must have proven Linux and networking/infrastructure experience.
• Minimum 7 years of working knowledge and understanding of security engineering, system and network security, authentication and application security. Including multiple combinations of the following: 
  • Software development processes and secure coding,
  • Developing security procedures and product security specifications,
  • Secure web and server-side application development,
  • Identity management, authentication, DDKG, cryptography, and encryption, including data encryption in transfer and at rest,
  • System administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates,
  • Vulnerability/penetration testing,
  • TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols.

Preferred:

• People leader, who resources look to follow.
• General knowledge of medical device standards, security standards and test methods.
• Strong Analytical and problem-solving skills.
• Self-motivated person that can work individually and lead a team of cyber security engineers.
• Ability to express ideas clearly both in written and oral communications.
• Ability to analyze technical requirements and develop well-structured solutions.