Product Cyber Security Engineer
Acton, MA

Job Description

Position Summary

The Product Cyber Security Engineer will be responsible for defining and delivering cyber security engineering services in support of Insulet's Medical Device Products. This Engineer drives the continuous maturity of Insulet's Medical Device Cyber Security program through the implementation of a Secure Software Development Lifecycle (S-SDLC) program that enables continuous identification and remediation of potential threats and risks in source code and application architectures.

Responsibilities

* Provide managed and repeatable application security engineering services in support of Medical Device Products
* Support the development and testing of standard cybersecurity design requirements for Medical Device Products
* Support the publication of documentation related to the management of cyber security in medical devices for 510, DeNovo, and PMA submissions
* Support the management of post market cyber security in medical devices via:
  * Identification of assets, threats, and vulnerabilities
  * Assessment of the impact of threats and vulnerabilities on device functionality and end users/patients
  * Assessment of the likelihood of a threat and vulnerability being exploited
  * Determination of risk levels and suitable mitigation strategies
  * Assessment of residual risk and risk acceptance criteria
* Support best practice medical device cyber security incident management process (ISO 29147/30111)
* Development and maintenance of secure system threat models for all Medical Device Products
* Development and maintenance of application risk registers for all Medical Device Products
* Development, implementation, training, and maintenance of S-SDLC program
* Lead ad-hoc cybersecurity application and API penetration testing efforts
* Lead continuous application cybersecurity vulnerability assessment efforts
* Lead Static and Dynamic application security testing (SAST & DAST) efforts
* Support the identification, development and maintenance of Identity and Access Management solution for consumer and patient identity
* Evaluation and documentation of cybersecurity posture of applications by leveraging standard and repeatable procedures informed by industry best practice guidance (NIST Cybersecurity Framework, NIST Risk Management Framework, NIST 800-53, NIST 800-63, NIST 800-64, NIST 800-124, NIST 800-144, ISO 2700x, etc.)
* Evaluate and document vendor software solutions, especially technical integrations to confirm they meet corporate and technology security standards and guidelines
* Provide innovation and creativity to mitigate business or technical cyber security issues.
* Ensure compliance with all regulatory, audit, security, and risk management requirements.

Education and Experience

* Bachelor's degree or higher, or substantial verifiable experience in one or more of the following areas:
  * Application development
  * Application security engineering
  * Application penetration testing
  * Relevant Military Service Positions (Army 17c, Army 25d, Army 255s, Air Force 1b4x, Navy Cryptologic Technician)
* Strong knowledge of advanced cryptographic principles required
* Knowledge of web and mobile application architecture patterns, concepts, distributed environments, and database technologies.
* Relevant security certifications (CISSP, CEH, etc.) a plus
* Relevant development certifications (AWS, Scrum, etc.) a plus

Professional Experience

* Enterprise Application Development
* Mobile Application Development (iOS and Android)
* Secure Networking Stack
* Secure Software Development Lifecycle
* Application penetration testing
* Static Application Security Testing
* Dynamic Application Security Testing
* Embedded system experience highly desirable
* API hardening highly desirable
* Application hardening highly desirable
* Relational, Realm, and NoSQL Databases a plus
* CRM and data integration experience a plus
* IAM experience a plus
* Data integration technologies (RESTful, SOAP, etc.) a plus

Skills / Competencies

* Practical experience with OWASP, CVSS 3.0, the STRIDE framework, CVE and CWE required
* Practical experience with AAMI TIR57:2016 required
* Practical experience with Android and iOS development techniques and patterns required
* Strong communication and interpersonal skills. Communicates ideas clearly and efficiently across technical and non-technical audiences and displays active listening skills.
* Ability to prioritize multiple tasks and develop innovative solutions to meet project expectations without compromising good design.
* Ability to create and maintain threat modelling, architecture, and data flow diagrams.
* Strong understanding of encryption, cryptography, and secrets (key) management
* Cloud Compute Infrastructure (AWS, Azure)
* Security Threat Modeling
* Tools:
  * IDEs (Eclipse, Android Development Studio)
  * Atlassian development and collaboration tools (BitBucket, Bamboo, Jira, Confluence)
  * SAST Platforms (Veracode, Checkmarx)

Travel / Schedule

* Role may require up to 25% travel within North America as necessary
