Advanced Cybersecurity Engineer

As the Advanced Cybersecurity Engineer, you will be an integral member of the Operating Room Integration (ORI) Software Team and will work with cross-functional teams to help ensure that our medical devices and healthcare applications, services, websites and mobile applications are designed, developed and implemented to the highest security standards required for the products. You will apply your subject matter expertise in developing security related product requirements and design specifications. You will analyze the security of our products, applications and services, discovering and addressing security issues and quickly reacting to new threat scenarios. You will recommend security and software solutions for future product development. You will help foster awareness in our department and cross functional partners of security-related concerns in our products and will help create procedures and training plans to continuously build competency of staff. A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project work, software development and escalation support.

*This position can be located in Mentor, Ohio or Hauppauge, NY and is eligible for a hybrid work schedule.

• Ensures compliance with relevant regulatory guidance on cybersecurity and works to implement industry best practices.
• Establishes and maintains local work instructions related to cybersecurity. Participates in the development and maintenance of the corporate cybersecurity program.
• Leads the response to cybersecurity incidents.
• Ensures cybersecurity documentation is maintained as per internal procedures and regulatory requirements.
• Leads or facilitates product and cyber security risk assessments to ensure appropriate and traceable control measures implemented in the product to mitigate security risks.
• Responsible for working with, Regulatory, Corporate IT and 3rd party testing agencies to ensure product adherence to latest industry security standards and perform security vulnerability and penetration testing on our products
• Responsible for product security documents for customers such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and/or technical guides that describe product security characteristics and processes used to ensure a secure product.
• Coordinates with the product development and implementation teams in the specification, development, verification and deployment of security measures in both new and currently marketed products
• Work as a collaborative member within engineering teams and other functions such as Quality, Regulatory, Marketing, and Corporate IT, while also establishing your subject matter expertise in product security.
• Shares responsibility for ensuring secure architecture designs.
• Determines required tasks and completes on time with minimal supervision. Identifies problems and formulates solutions to complex and ambiguous product and/or network related security problems.
• Participates in design and code reviews to identify security-related issues and recommend design changes as appropriate.
• Proposes solutions and defines technical direction for product security development efforts.
• Owns the development and execution of security plans, threat modeling and product security specifications.
• Provides support on product security issues when escalated to R&D.
• Develops awareness of security concerns and shares best engineering practices
• Supports project teams in implementing and verifying security measures by providing guidance, helping to establish security measures and applying appropriate tools.
• Collaborates with other business units and corporate IT in the development and implementation of security-related practices and procedures while sharing best practices and helping to drive security related initiatives.
• Champions continued improvement of security-related processes and tools.
• Assists with creating department procedures and work instructions for implementing appropriate design techniques for the development of medical device systems.
• Provides training on good design techniques to improve product security to internal teams.
• Continuously expands knowledge and expertise in cybersecurity
• Assists with researching and evaluating best practices in designing secured systems, attending conferences and classes.
• Proposes solutions and helps define future technical direction for product security.
• Serves as a contact point for security solution vendors.
• Evaluates the security regulations for new markets.

Required:

• Bachelor's Degree in Computer Science, Information Assurance, Computer Networking or other related technical fields
• Minimum 8 years of working knowledge and understanding of security engineering, system and network security, authentication, network and web related protocols, cryptography, or application security, including multiple combinations of the following:
  Vulnerability assessment and risk analysis
  Software development processes and secure coding
  Threat modeling for products
  Developing security procedures and product security specifications
  Secure web and server-side application development
  SOAP and REST web services
  Identity management, authentication, cryptography and encryption, including data encryption in transfer and at rest
  System administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates
  Vulnerability/penetration testing
  Mobile applications and security
  TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols
• Cybersecurity experience within software new product development where multiple software products are being developed for external customers
• Minimum 5 years of experience programming in 3 or more of the following: Java, JavaScript, C#, C++, Ruby, etc.
• Experience deploying, securing, and managing applications on Linux-based operating systems (e.g., Red Hat, Rocky Linux) within Azure environments; familiarity with multiple OS platforms preferred.
• Experience managing and securing Linux-based web servers (Apache, NGINX) on Linux environments, including configuration, hardening, and troubleshooting. Familiarity with developing and securing RESTful APIs is a plus.
• Experience with database products such as SQL Server, MySQL, etc...
• Experience with secure design, configuration and installation of networked devices such as servers, client PCs, NAS drives, and mobile devices, preferably on a hospital network
• Knowledge of various types of cyber-attacks and the appropriate defenses
• Use of development tools to facilitate and automate the analysis of software systems and code for security deficiencies
• Documentation experience in a highly regulated environment
• Experience in a highly regulated environment such as defense or aerospace

Preferred:

• Experience within the medical device industry
• Experience with cloud computing platforms and services
• Certificates and training in cyber security and software security
• Experience with Windchill PLM
• Awareness of DOD RMF
• Awareness of GDPRKnowledge of the Internet of Things (IoT) and associated solutions like remote monitoring solutions

Other:

• Strong communication both oral and written, problem-solving and trouble shooting skills
• Awareness of HIPAA/PCI compliance

We value our employees and are committed to providing a comprehensive benefits package that supports your health, well-being and financial future.

Here is a brief overview of what we offer:

Market Competitive Pay
Extensive Paid Time Off and (9) added Holidays
Excellent Healthcare, Dental and Vision Benefits
Long/Short Term Disability Coverage
401(k) with a company match
Maternity and Paternity Leave
Additional add-on benefits/discounts for programs such as Pet Insurance
Tuition Reimbursement and continued education programs
Excellent opportunities for advancement in a stable long-term career

#LI-KK1