Product Security Engineer-Contract - Cybersecurity-Embedded products - Draeger Medical Systems, Inc. - Job-ID V000003254

Massachusetts, Andover

Vacancy expired!

What will you do

As an active member of product development cross functional teams, has responsibility for all program cybersecurity deliverables per process. Participates in architecture/design reviews and threat modeling activities, helping to identify risks in new and existing products/systems. Works with engineering teams on how to best address individual cybersecurity vulnerabilities identified during threat modeling and other review activities. Complies with all internal and external processes.

1. Conduct monthly Nessus scans and report out results to maintain our DoD RMF certification. Perform both pre and post release threat and vulnerability testing (pen testing, fuzz testing, etc.) looking for unmitigated cybersecurity threats/vulnerabilities in our products.
2. Create and release all Draeger process required program cybersecurity documents, and draft Manufacturer Disclosure Statements for Medical Device Security (MDS2) documents. Draft responses to customer requested cybersecurity documents/inquiries.
3. Perform all work in compliance with all internal and external cybersecurity processes and regulations.
4. Participate in threat modeling activities and architectural/design reviews to help identify possible cybersecurity vulnerabilities. Provide design guidance and potential mitigation solutions on identified vulnerabilities.
5. Review Software Bill of Materials (SBOM) looking for newer versions of listed software items. For new versions, review and evaluate updates to identify any items that were released that address security vulnerabilities, scoring and documenting the results.
6. Draft customer facing cybersecurity advisories when new cybersecurity vulnerabilities are discovered in released products where Draeger is required to notify publicly of such vulnerability.
7. Participate in post market release team reviews of cybersecurity field complaints, providing input on severity and probability scoring for each identified vulnerability.

Who you are

Education: BS Cybersecurity, Computer Science or other technically related field.

Related Experience: 2-5 years of practical application security work experience, including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, and reverse engineering.

- Experience securing a physical product that contains embedded software
- Experience using the Microsoft Threat Modeling tool
- Excellent attention to detail, quality, and customer satisfaction.
- Strong analytical, organizational, and technical writing skills.
- Windows and Linux operating systems knowledge

Special Competencies or Certifications:

- CompTIA Security+
- CISSP: Certified Information Systems Security Professional
- CEH: Certified Ethical Hacker
- Working knowledge of ISO 14971
- Knowledge of IT strategy, and enterprise/security architecture
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- TCP/IP, computer networking, routing and switching
- Understanding of Network security architecture
- Knowledge of DoD STIGs
