Cyber Security with Healthcare (12+ years)

About the position

The Cyber Security Lead position focuses on ensuring the security of healthcare software products and medical devices. This role involves conducting security assessments, penetration testing, and providing cybersecurity advisory services throughout the software development lifecycle. The position requires extensive experience in cybersecurity, particularly within the healthcare sector, and emphasizes the importance of risk management and threat modeling.

Responsibilities

• Conduct manual penetration testing of medical devices, software as a Medical Device (SaMD), and other healthcare software products & services
• Perform cybersecurity verification and validation (V&V) testing of the medical device or the healthcare product
• Utilize tools such as Veracode, Coverity, Black Duck, Burp Suite Pro, Postman, Tenable Nessus / Qualys, Nmap, Netsparker, Metasploit, SQLMap, Kali Linux tool suite and custom scripts through command line depending on the scope of the assessment to identify and/or exploit vulnerabilities and weaknesses
• Conduct security controls assessments and security risk assessments on new technologies and existing information systems in the Cloud and on-premise
• Responsible for secure product using risk analysis, threat modeling, source code analysis and penetration testing and vulnerability assessment
• Perform Cloud Infrastructure assessments e.g. AWS/ AZURE
• Provide cybersecurity advisory and support during the development stages of software systems, networks
• Manage comprehensive vulnerability management systems across all assets on-premise and in the Cloud
• Proactively implement security measures and controls within organizations, weighing the consequences of any action
• Protect system by defining access privileges, control structures, and resources
• Recognize problems by identifying abnormalities, report violations
• Implement security improvements by assessing current situation, evaluating trends, anticipating requirements
• Lead and manage the Cybersecurity team for the account
• Work closely with the client.

Requirements

• 12+ years of extensive working experience in security testing, cybersecurity audit/advisory/consulting
• In-depth knowledge of Application Security and Infrastructure Security
• Experience in healthcare or medical device security
• Expertise in Cyber Threat Intelligence, Threat Modelling, and Risk Management
• Proficiency in Network Penetration Testing, Vulnerability Assessment, and security product evaluation
• Good communication skills

Nice-to-haves

• Strong knowledge of the FDA Cybersecurity Risk Management Framework (RMF)
• Knowledge of HIPAA, GDPR, US DoD, and other relevant cybersecurity compliance criteria
• Threat Modeling experience
• Expertise in Cloud Security and Application Security Architecture Review