Job Details

ID #5333172
State Massachusetts
City Andover
Job type Permanent
Salary USD TBD TBD
Source Draeger
Showed 2020-10-30
Date 2020-10-29
Deadline 2020-12-27
Category Security

Product Security Engineer-Contract - Cybersecurity-Embedded products - Draeger Medical Systems, Inc. - Job-ID V000003254

Massachusetts, Andover, 01810 Andover USA

Vacancy expired!

What will you do

As an active member of product development cross functional teams, has responsibility for all program cybersecurity deliverables per process. Participates in architecture/design reviews and threat modeling activities, helping to identify risks in new and existing products/systems. Works with engineering teams on how to best address individual cybersecurity vulnerabilities identified during threat modeling and other review activities. Complies with all internal and external processes.

1 Conduct monthly Nessus scans and report out results to maintain our DoD RMF certification. Perform both pre and post release threat and vulnerability testing (pen testing, fuzz testing, etc.) looking for unmitigated cybersecurity threats/vulnerabilities in our products.

2 Create and release all Draeger process required program cybersecurity documents, and draft Manufacturer Disclosure Statements for Medical Device Security (MDS2) documents. Draft responses to customer requested cybersecurity documents/inquiries.

3 Perform all work in compliance with all internal and external cybersecurity processes and regulations.

4 Participate in threat modeling activities and architectural/design reviews to help identify possible cybersecurity vulnerabilities. Provide design guidance and potential mitigation solutions on identified vulnerabilities.

5 Review Software Bill of Materials (SBOM) looking for newer versions of listed software items. For new versions, review and evaluate updates to identify any items that were released that address security vulnerabilities, scoring and documenting the results.

6 Draft customer facing cybersecurity advisories when new cybersecurity vulnerabilities are discovered in released products where Draeger is required to notify publicly of such vulnerability.

7 Participate in post market release team reviews of cybersecurity field complaints, providing input on severity and probability scoring for each identified vulnerability.

Who you are

Education:

BS Cybersecurity, Computer Science or other technically related field.

Related Experience:

2-5 years of practical application security work experience, including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, and reverse engineering.

Experience securing a physical product that contains embedded software

Experience using the Microsoft Threat Modeling tool

Excellent attention to detail, quality, and customer satisfaction.

Strong analytical, organizational, and technical writing skills.

Windows and Linux operating systems knowledge

Special Competencies or Certifications:

CompTIA Security+

CISSP: Certified Information Systems Security Professional

CEH: Certified Ethical Hacker

Working knowledge of ISO 14971

Knowledge of IT strategy, and enterprise/security architecture

Security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies

Firewall and intrusion detection/prevention protocols

Secure coding practices, ethical hacking and threat modeling

TCP/IP, computer networking, routing and switching

Understanding of Network security architecture

Knowledge of DoD STIGs
