Cybersecurity Specialist

'The main issue was we needed someone who thinks like an engineer and willing to focus on secure product design, documentation, and maintaining the security of the devices. I think we end up with a lot of security IT people who are used to monitoring network infrastructure and things like that vs. thinking about building a product with secure features.'

HM's Top Need

• Background in security (education and/or certifications)
• Willingness to create and maintain documentation
• Excellent communication skills and willingness to work with less technical team members to understand security concepts
  
  

Education Required: Bachelors

Years’ Experience Required: 2

Location: Lafayette, Colorado – 4 days in office per week.

Education Required: Bachelor's degree related to computer science or cybersecurity

Years’ Experience Required: 2 or more

Title: Cybersecurity Specialist

Job Description

The Acute Care & Monitoring group develops products that are designed to collect patient information from around the hospital and ensure that caregivers can make the right decisions at the right time. We strive to improve patient outcomes by ensuring that when a problem emerges at the bedside, caregivers are aware of it and can respond quickly. We analyze and learn from patient data to find better ways to provide quality care for patients. Our products are deployed in care facilities across the globe and help to save and improve lives every day. A career here is like no other. We’re purposeful. We’re committed. And we’re driven by our Mission to alleviate pain, restore health and extend life for millions of people worldwide.

This position is primarily responsible for supporting pre-market project teams in building security deliverables. You will work with R&D teams to help them understand how to build products securely by design and how to maintain their security for their product lifetime.

Top 3 Tasks or Responsibilities in scope for this role:

• Working with medical device product teams to build security deliverables and documentation
• Building and updating SBOMs
• Building threat models for medical devices
  
  

Top 3 things the manager is looking for in a candidate:

• Experience with threat modeling
• Experience with SBOMs (Software Bill of Materials)
• Experience with CVSS scoring
  
  

Travel: N/A

Position Responsibilities

• Build threat models for products and assess threats for risk and possible mitigations
• Build SBOMs for products and review their accuracy
• Review and interpret CVEs for impact on products
• Review and interpret penetration testing results
• Work with technical experts and product owners to measure risk associated with vulnerabilities
• Document risk assessments
• Recommend mitigations for security risks
  
  

Minimum Qualifications

• Bachelor’s degree in computer engineering, software engineering, cybersecurity, computer science, or related field
• 2 years of experience in a cybersecurity-related role
• Experience with networking concepts
• Effective communication both verbally and in written form
• Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
• Experience with vulnerability monitoring tools such as Dependency-Track
• Experience with using the NVD
• Familiarity with the CycloneDX SBOM specification
• Experience with CVE interpretation
• Experience with CWE interpretation
• Experience with CVSS scoring methodology
• Experience explaining technical concepts to non-technical individuals
• Familiarity with FDA Pre and Post-market guidance
• Familiarity with the OWASP Top 10
• Familiarity with standards such as IEC 81001-5-1 and IEC 62304