Cybersecurity Specialist - Exempt

Title: Cybersecurity Specialist

Job Description:

The Acute Care & Monitoring group develops products that are designed to collect patient information from around the hospital and ensure that caregivers can make the right decisions at the right time. We strive to improve patient outcomes by ensuring that when a problem emerges at the bedside, caregivers are aware of it and can respond quickly. We analyze and learn from patient data to find better ways to provide quality care for patients. Our products are deployed in care facilities across the globe and help to save and improve lives every day. A career at Healthcare is like no other. We're purposeful. We're committed. And we're driven by our Mission to alleviate pain, restore health and extend life for millions of people worldwide.

This position is primarily responsible for supporting pre-market project teams in building security deliverables. You will work with R&D teams to help them understand how to build products securely by design and how to maintain their security for their product lifetime.

Top 3 Tasks or Responsibilities in scope for this role:

Working with medical device product teams to build security deliverables and documentation

Building and updating SBOMs

Building threat models for medical devices

Top 3 things the manager is looking for in a candidate:

Experience with threat modeling

Experience with SBOMs (Software Bill of Materials)

Experience with CVSS scoring

Travel: N/A

Position Responsibilities:

• Build threat models for products and assess threats for risk and possible mitigations
• Build SBOMs for products and review their accuracy
• Review and interpret CVEs for impact on products
• Review and interpret penetration testing results
• Work with technical experts and product owners to measure risk associated with vulnerabilities
• Document risk assessments
• Recommend mitigations for security risks
  
  

Minimum Qualifications:

• Bachelor's degree in computer engineering, software engineering, cybersecurity, computer science, or related field
• 2 years of experience in a cybersecurity-related role
• Experience with networking concepts
• Effective communication both verbally and in written form
• Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
• Experience with vulnerability monitoring tools such as Dependency-Track
• Experience with using the NVD
• Familiarity with the CycloneDX SBOM specification
• Experience with CVE interpretation
• Experience with CWE interpretation
• Experience with CVSS scoring methodology
• Experience explaining technical concepts to non-technical individuals
• Familiarity with FDA Pre and Post-market guidance
• Familiarity with the OWASP Top 10
• Familiarity with standards such as IEC 81001-5-1 and IEC 62304
  
  

Responsibilities may include the following and other duties may be assigned. Responsible for the planning, design and build of security architectures; oversees the implementation of network and computer security and ensures compliance with corporate cybersecurity policies and procedures. Monitors cybersecurity requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices. Performs security assessments of applications and systems using penetration and vulnerability testing and risk analysis. Function Specific: Specialize in understanding cyber adversary tactics, technics, and procedures in the interest of protecting Healthcare's network. Ability to detect and mitigate cyber incidents and vulnerabilities. Cyber defense operations, specialized penetration testing and threat Client & forensics as well as advanced security management skills. Development expertise in cybersecurity considerations to meet evolving cloud computing, web development and mobile device requirements. Technology: Using technologies, processes, and practices to protect computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation. Monitor and protect products and systems. SPECIALIST CAREER STREAM: Typically an individual contributor with responsibility in a professional discipline or specialty. Delivers and/or manages projects assigned and works with other stakeholders to achieve desired results. May act as a mentor to colleagues or may direct the work of other lower level professionals. The majority of time is spent delivering and overseeing the projects – from design to implementation - while and adhering to policies, using specialized knowledge and skills normally acquired through advanced education. DIFFERENTIATING FACTORS Autonomy: Established and productive individual contributor.Works independently with general supervision on larger, moderately complex projects / assignments. Organizational Impact: Sets objectives for own job area to meet the objectives of projects and assignments.Contributes to the completion of project milestones.May have some involvement in cross functional assignments. Innovation and Complexity: Problems and issues faced are general, and may require understanding of broader set of issues or other job areas but typically are not complex.Makes adjustments or recommends enhancements in systems and processes to solve problems or improve effectiveness of job area. Communication and Influence: Communicates primarily and frequently with internal contacts.External interactions are less complex or problem solving in nature.Contacts others to share information, status, needs and issues in order to inform, gain input, and support decision-making. Leadership and Talent Management: May provide guidance and assistance to entry level professionals and / or employee in Support Career Stream. Required Knowledge and Experience: Requires practical knowledge and demonstrated competence within job area typically obtained through advanced education combined with experience.2 years of experience with a high school diploma or equivalent.