Position: cyber security engineer
Location: Santa Clara - Onsite.

Type: w2

Description:

The cybersecurity engineer should have experience in analyzing, identifying, and measuring the security related threats and vulnerabilities for the protection of data, software application systems and device network connectivity, both on premise and in the cloud.

A successful candidate will play a key role in the planning and execution of security testing, including threat mitigation, vulnerability scanning, security requirements testing, and penetration testing. This individual will own the cybersecurity risk management process and documentation as required by FDA s medical device cybersecurity guidance and other applicable industry standards. The candidate must have excellent oral and written communication skills and work effectively as a team member in a highly collaborative and cross-functional setting.

Essential Duties and Responsibilities:

• Identify, analyze, and evaluate the threats and vulnerabilities existing in the data, software application systems and networks, both on premise and in the cloud.
• Own and drive cyber risk management documentation, including threat models, security architecture, cybersecurity risk assessment/estimation, vulnerability identification, security requirements/risk controls.
• Implement security requirements and risk control measures according to the cybersecurity risk assessments and security architecture.
• Perform vulnerability scans and testing, software composition analysis and penetration testing required by FDA s medical device cybersecurity guidance.
• Own creation of a security risk management process for both pre-market (during product development) and post-market.
• Responsible for writing or supporting the security-related testing documents including cybersecurity test plan, test protocols for threat mitigation, vulnerability testing and penetration testing, and related testing reports.
• Regularly participate into software design and development process to inject security by design throughout software development lifecycle.

Qualifications:

Required education and experience:

• A Bachelor s degree in Cyber Security, Computer Science, Software Engineering, or related major, advanced degree preferred
• 8 years of experience in cyber security or information security fields, medical device field preferred.
• Experience in identifying and characterizing security -related issues via the vulnerability testing and penetration testing.
• Experience in implementing the security methods, procedures, and practices to mitigate the threats and risks.
• Experience in cybersecurity standards and regulations applicable to medical devices.

Knowledge, Skills and Abilities:

• Demonstrated broad knowledge of information security frameworks and best practices, including vulnerability management, risk management, network intrusion detection, data, and endpoint protection technologies.
• Ability to write Security related documents such as threat models, cybersecurity risk assessments, security architectures, cybersecurity test plans, protocols, and reports.
• Ability to define cybersecurity requirements and propose design implementation options to ensure patient and proprietary data are reliable and secure in storage and transit.
• Ability to apply the industrial standards and regulatory guidance into practical work is a plus (knowledge of cybersecurity standards and regulations applicable to medical products such as United States Pre-Market and Post-Market Guidance, HIPAA, EUMDR, ISO 13485, IEC 60601-1, IEC 62304, ISO 14971, AAMI TIR 57, UL 2900-1, FDA guidance, ISO 27000 Series)
• Strong ability to work with time / date deadlines.
• Excellent analytical and problem-solving skills.
• Excellent verbal and written communication skills.

Knowledge of:

1. Linux and Windows - OS Admin level skills
2. Computer Networks

• Link-layer protocols: 802.3 (Ethernet/ARP), 802.1Q (VLANs), and 802.11 (Wi-Fi)
• Network-layer protocols: IP (IPv4, IPv6) and ICMP
• Transport layer protocols: TCP and UDP
• Application layer protocols: DNS, HTTP, HTTPS, DHCP, LDAP, FTP, SMTP, IMAP, POP, SSH, and Telnet, among others

1. Network Components

• Network switches, routers/gateways, firewalls, and virtual local area networks (VLANs)

o NAC (Network Access Controls), MAC (Media Access Control), MITM (Man in the middle) attacks

1. Web Communications and Web Application Security Technologies

• Register a web domain name, Map it to a Cloud-IP address, Create Secure Certificates for the Domain, and then use those certificates to secure web communication.

1. Write Test Scripts

• Python / Perl / Bash

1. 6. Cryptography and Hashes