Cyber Security Engineer
Ref No.: 21-00081
Location: Burlington, Massachusetts
Job Role: Cyber Security Engineer
Location: Burlington, MA(Remote)
Duration: Long Term

Job Description:

Primary Responsibilities:
  • Optimize product/system security by creating and reviewing software architecture and detailed design solutions that reflect best practices.
  • Identify and implement software improvements needed to effectively protect against and respond to known and emerging cybersecurity threats.  
  • Perform or support security testing such as penetration tests, fuzz testing, and internal/external audits.  Coordinate remediation as necessary.  
  • Work with Software Development, Systems Engineering, Product Security, and other stakeholders to develop cybersecurity controls.  
  • As a team member, contribute significantly to completion of various project activities, from definition, identifying software functional requirements, implementation, code reviews, and final release according to medical device development processes  
Preferred Qualifications:  
  • Master's Degree in Engineering (Computer, Electrical, Computer Systems, or Software), Computer Science, or related discipline  
  • Experience in Linux system administration on RHEL or similar distributions  
  • Well versed in FDA Cybersecurity Guidance, GDPR, and NIST  
  • Familiar with DISA STIG assessment and implementation for Linux and/or Windows systems  
  • Knowledge of secure programming practices  
  • Experience in threat modeling, cybersecurity risk assessment, or Off The Shelf Software (OTS) assessment  
  • Cybersecurity certification such as CISSP, CSSLP, or similar  
  • Knowledge of 62304 and other standards applicable to Class II and Class III medical devices

Required Qualifications:
  • Bachelor's Degree in Engineering (Computer, Electrical, Computer Systems, Systems, or Software), Computer Science, or related discipline
  • 1-3 years of cybersecurity engineering, software engineering design and development, or systems administration experience  
  • Experience in assessing and remediating cybersecurity vulnerabilities
  • Demonstrated knowledge and experience working with Java, Microservices, C++, Python, Perl, or Shell  
  • Experience with OpenSSL, TLS mutual authentication, digital signatures, certificate management  
  • Previous experience working in a regulated industry such as automotive, aerospace, healthcare, or defense  
  • Excellent verbal and written communication skills, with ability to communicate to all levels of the organization  
  • Work with the Client Security team to understand policies and processes associated with on-premise services.  Clear understanding of expectations based on hosting location.
  • Work with the Client Security team to identify and understand policies and processes associated with cloud-hosted solutions.  Clear understanding of expectations based on hosting location.
  • Evaluate current on-prem/existing architecture to determine alignment and gaps based on identified policies provided by the Client Security team, which should align to security, regulatory, compliance, etc.
  • Understand core security services offered by internal service providers based on hosting models and defined policies.  
  • Identify requirements for cloud-hosted solutions, regardless of implementation method, based on industry best practices.  Should be based on threat models and a risk-based approach.
  • Review base architecture and services offered as part of the default cloud footprint provided by corporate services. 
  • What capabilities from incident and security incident response process does Client have today?  How can that be leveraged in cloud scenarios?
  • Work with infrastructure to understand what technology services are applied to on prem and cloud solutions as part of the Corporate IT services.
  • Establish or refine security incident management process.  Should consist of a "playbook" with defined plays based on exploit.  If available, should utilize established process and modify based on solution and scenarios.
  • Review the current SDLC process specifically around security (static and dynamic) scanning to ensure alignment with best practices.  Recommendations on go forward changes to process.    
  • Identify identity requirements while working with the Systems Team given the proposed solution and assumed localization requirements.  Should include, but not be limited to, data sovereignty requirements, provisioning and de-provisioning requirements, self-service capabilities, and requirements around association.
  • Metadata requirements for identity types
  • Review current vulnerability and penetration test capabilities and processes and make recommendations on changes to support cloud hosted solutions in alignment with identified best practices.