This position is part of the Chief Information Security Officer Group (CISO Group), which has worldwide responsibility for cybersecurity for IT, business systems, the network (which extends to affiliates), and the security of products and services. The position reports to the Lead of the Red Team Testing, with day-to-day supervision by a Product Cybersecurity Engineer. The primary responsibility of the position involves ethical hacking and white-box, black-box and penetration testing of products and IT systems. The role requires a deep understanding of current and emerging cybersecurity threats in the IVD market, as well as the ability to develop, implement and test robust security solutions. The initial focus is on the transplant and transfusion family of Werfen medical devices.
Responsibilities
Key Accountabilities
Ethical hacking/penetration testing:
- Perform black-box penetration testing on complex applications and web-based products
- Perform white-box penetration testing on medical devices and/or the supporting software connectivity tools
- Analyze and exploit hardened applications and operating systems
- Perform basic network analysis and attacks such as ARP poisoning, packet replay, and DNS spoofing
- Analyze and exploit advanced external hardening configuration of a cloud solution
- Perform basic cracking techniques
- On-market vulnerability testing and submissions to FDA and US Department of Defense
- Execute manual and automated monthly vulnerability testing and reporting evidence
- Continuous learning for new cyber techniques, evolving cyber requirements for medical devices and supporting infrastructure
Networking/Key relationships
Able to identify and resolve common legal issues and build strong relationships with other global business stakeholders, including IT, HR, Marketing, Product Privacy & Security, and other departments.
Minimum Knowledge & Experience required for the position:
The qualifications required by the position are:
The following work experience and qualifications are a plus:
- Strong knowledge of secure coding practices and product security best practices
- Certifications such as Certified Ethical Hacker (CEH)
- Solid knowledge of software testing process and methodology
- Knowledge of relevant standards such as ISO 27001
- Knowledge of medical device cyber regulations applicable to FD&C Act 524B, FDA 510(k) submission, premarket approval (PMA)
Skills & Capabilities:
The skills and capabilities required by the position are:
Travel requirements:
Less than 10% of the time