Job Overview
About the Position
Overview
This position is part of the Chief Information Security Officer Group (CISO Group), which has worldwide responsibility for cybersecurity for IT, business systems, the network (which extends to affiliates), and the security of products and services. The position reports to the Lead of the Red Team Testing, with day-to-day supervision by a Product Cybersecurity Engineer. The primary responsibility of the position involves ethical hacking and white-box, black-box and penetration testing of products and IT systems. The role requires a deep understanding of current and emerging cybersecurity threats in the IVD market, as well as the ability to develop, implement and test robust security solutions. The initial focus is on the transplant and transfusion family of Werfen medical devices.
Responsibilities
Key Accountabilities
- Ethical hacking/penetration testing:
  - Perform black-box penetration testing on complex applications and web-based products
  - Perform white-box penetration testing on medical devices and/or the supporting software connectivity tools
  - Analyze and exploit hardened applications and operating systems
  - Perform basic network analysis and attacks such as ARP poisoning, packet replay, and DNS spoofing
  - Analyze and exploit advanced external hardening configuration of a cloud solution
  - Perform basic cracking techniques
- On-market vulnerability testing and submissions to FDA and US Department of Defense
- Execute manual and automated monthly vulnerability testing and reporting evidence
- Continuous learning for new cyber techniques, evolving cyber requirements for medical devices and supporting infrastructure
Networking/Key relationships: Able to identify and resolve common legal issues and build strong relationships with other global business stakeholders, including IT, HR, Marketing, Product Privacy & Security, and other departments.
Qualifications
Minimum Knowledge & Experience required for the position: The qualifications required by the position are:
- Engineering, computer science or other technical degree, or equivalent work experience
- 5 years of experience that combines ethical hacking and penetration testing, product security by design or medical device testing
The following work experience and qualifications are a plus:
- Strong knowledge of secure coding practices and product security best practices
- Certifications such as Certified Ethical Hacker (CEH)
- Solid knowledge of software testing process and methodology
- Knowledge of relevant standards such as ISO 27001
- Knowledge of medical device cyber regulations applicable to FD&C Act 524B, FDA 510(k) submission, premarket approval (PMA)
Skills & Capabilities: The skills and capabilities required by the position are:
- Strong analytical and problem-solving skills to identify and address security challenges and vulnerabilities
- Effective communication skills to convey complex cybersecurity concepts to both technical and non-technical stakeholders
- Willingness to stay updated on the latest cybersecurity trends, threats, and technologies through continuous learning and professional development
- Ability to collaborate with cross-functional teams, share information, and work together to enhance overall cybersecurity posture
Travel requirements: Less than 10% of the time