Manager, Product & Platform Cybersecurity Engineering

About The Position

Requirements

• Bachelors Degree in Software Engineering, Computer Engineering, Electrical Engineering or related technical degree required.
• 10+ years of product software development experience.
• 5+ years new product development cybersecurity experience.
• 2+ years managing a team in a new product development (NPD) or Cybersecurity capacity.
• Experience working in a highly regulated industry, ie: Medical Device, Automotive, Aerospace, etc.
• Working knowledge and understanding of security engineering, system and network security, authentication, network and web-related protocols, cryptography, or application security
• Software development processes and secure coding
• Developing security procedures and product security specifications
• Vulnerability/penetration testing
• TCP/IP, UDP, HTTP, HTTPS, routing protocols
• Experience with secure design, configuration, and installation of networked devices such as servers, client PCs, NAS drives, and mobile devices, preferably on a hospital network.
• Use of development tools to facilitate and automate the analysis of software systems and code for security deficiencies.

Nice To Haves

• Medical device industry experience.
• Secure web and server-side application development; REST or GraphQL web services.
• Identity management, authentication, DDKG, cryptography, and encryption, including data encryption in transfer and at rest.
• Experience with system administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates.
• Hardening Linux systems to DoD RMF standards.

Responsibilities

• Coordinate with the product development, implementation and CPE teams in the specification, development, verification, and deployment of security measures in new, currently marketed, and legacy products, which run Linux, Windows, or embedded operating systems.
• Propose solutions and defines the technical direction for product security development efforts. Shares responsibility for ensuring secure architecture designs.
• Own the development and execution of security plans and product security specifications for new and legacy products.
• Lead cybersecurity risk management activities, including threat modeling and vulnerability assessments.
• Work with the product team to perform vulnerability scans, assessments, and specify risk controls on software prior to release.
• Participate in design and code reviews to identify security-related issues and recommends design changes as appropriate.
• Coordinate with development teams in penetration and fuzz testing and third-party attestations of cyber devices.
• Implement secure code and server configuration practices within products and supporting infrastructure.
• Responsible for customer facing product security documents such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and medical device security labelling.
• Provide level 3 support on product security issues and questions that are escalated to Engineering.
• Facilitate product security incident response and coordinated vulnerability disclosure.
• Develop awareness of security concerns, shares best engineering practices, and creates/updates procedures to ensure compliance.
• Continuously expands broader team knowledge and expertise in cybersecurity.

Benefits

• Market Competitive Pay
• Extensive Paid Time Off and (9) added Holidays
• Excellent Healthcare, Dental and Vision Benefits
• Long/Short Term Disability Coverage
• 401(k) with a company match
• Maternity and Paternity Leave
• Additional add-on benefits/discounts for programs such as Pet Insurance
• Tuition Reimbursement and continued education programs
• Excellent opportunities for advancement in a stable long-term career