For further inquiries regarding the following opportunity, please contact one of our Talent Specialists Praveen | (630) 847 1027 and Harman | (630) 847 1397
Medical Device Cybersecurity Engineer
Location: Deerfield, Illinois
Duration: 12 months
Would prefer local candidates who can come into office as needed; if 100% remote, candidate will need to be very strong and willing to travel some % of the time if there is hardware analysis to be performed in a lab.
Seeking a Medical Device Cybersecurity Engineer, whose primary responsibility is to ensure the safety and security of the global corporation's medical devices, products, and applications. The candidate will perform the evolving medical device cybersecurity pre-market threat analysis and risk assessment, in accordance with the overall strategy, to make cybersecurity an integral component throughout the product development lifecycle for our medical device businesses.
The candidate must have an excellent combination of software development skills and knowledge in security principles to prioritize the functional/technical aspects of the solution, and then help the product teams to execute the implementation.
This role will work with a team of engineers, architects, and analysts cross multiple organizations, supporting cybersecurity feature prototyping, threat analysis, and penetration test finding/vulnerability assessment.
Implement Proof of Concept projects to define innovative security solutions, especially on embedded platforms.
Proactively drive the implementation of medical device cybersecurity functionalities that are part of the overall security architecture.
Assess security findings from various system validation activities. This includes Static Code Analysis and Penetration Test. Identify known/unknown vulnerabilities associated with Client's medical devices, and provide inputs/technical expertise to multiple teams to eliminate/mitigate identified cybersecurity risks.
Develop security tools that help to collect cyber threat intelligence, track emerging vulnerabilities in software, and enforce secure coding standards.
Support medical device cybersecurity certification programs such as UL 2900.
Perform internal security tests to validate security capabilities and compliance for medical devices.
Bachelor's computer science, engineering, mathematics, information management or related field required.
Working knowledge in Operating Systems such as Linux, iOS and Windows.
Knowledge in modern software development process and DevOps tools such as Jenkins, Git and Gerrit.
Prior experience working within the Healthcare Industry is preferred.
Some knowledge in cybersecurity standards such as NIST 800-53, ISO 27001, and FIPS 140-2 is preferred.
Awareness and strong interest in cybersecurity threat modeling/risk assessment methods such as STRIDE and CVSS3.1.
Proficient, concise and articulate verbal and written communication skills to convey cybersecurity risks to a wide range of audiences including customers, business teams, and technical partners.
Some experience or strong interest in IoT (Internet of Things) device development, especially in embedded platform security, device communication protocols, and cryptographic functions.
Work effectively in a team environment
Some experience in IoT device development or IT security including internship experience.
Experience in testing and implementing security controls for medical devices is strongly preferred
Some development experience with Linux and/or Windows.
Familiarity with common security functionalities implemented in OS kernel and network stacks. Capable of describing vulnerabilities that may exist in open source components, and inter-process communications.
Working or academic experience in OS hardening, common security controls such as host-based firewall and intrusion detection system.
Working Knowledge in security protocol stacks such as IPsec, TLS, OAuth, and SAML.
About us: DivIHN, the 'IT Asset Performance Services' organization, provides Professional Consulting, Custom Projects, and Professional Resource Augmentation services to clients in the Mid-West and beyond. The strategic characteristics of the organization are Standardization, Specialization, and Collaboration.
DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.