Principal Cybersecurity Engineer

Boston Scientific - Arden Hills, MN

posted 5 months ago

Full-time - Principal
Arden Hills, MN
Miscellaneous Manufacturing

About the position

Boston Scientific is seeking a product cybersecurity engineer whose primary responsibility is to operationalize and support various cybersecurity activities. This includes understanding and documenting the security posture of the company's products, applications, and supporting infrastructure, as well as ensuring compliance with the Quality systems and processes. The cybersecurity engineer will assist in implementing the individual product cybersecurity plan, which is crucial for maintaining the integrity and security of medical devices and software. The ideal candidate must possess a combination of strong communication and technical skills to effectively implement and support the functional and technical aspects of the cybersecurity plan. Collaboration with a team of internal staff and consultants is essential to execute the components of the plan successfully. This role is part of the Urology Research and Development (R&D) organization, where the engineer will work alongside analysts, IT/R&D engineers, and architects to support pre and post-market product security activities. These activities include application security, vulnerability assessments, threat modeling, penetration testing, and security analysis tools, as well as addressing hospital cybersecurity inquiries and contract reviews. In this role, the engineer will support and manage applicable tools for pre and post-market security testing, ensuring their integration into quality processes. They will also be responsible for identifying known and unknown vulnerabilities associated with Boston Scientific's products, providing technical expertise to multiple teams to mitigate identified cybersecurity risks. Monitoring changes in security controls of products and updating the product inventory and tracking database is also a key responsibility, along with communicating updates to stakeholders. The engineer will support negotiations of hospital cybersecurity agreements by reviewing technical clauses with Legal and Research & Development subject matter experts, and will assist in security risk assessments and threat modeling services for Urology products throughout the product development life cycle.

Responsibilities

  • Support and manage applicable tools for pre and post market security testing; support integration of the tools into the quality processes.
  • Support post-market activities to identify known/unknown vulnerabilities associated with Boston Scientific's products, including new/sustaining products, providing inputs/technical expertise to multiple teams to eliminate/mitigate identified cybersecurity risks.
  • Monitor for change in security controls of products and update the product inventory and tracking database as needed and communicate to stakeholders.
  • Support negotiations of hospital cybersecurity agreements by reviewing technical clauses with Legal and Research & Development subject matter experts.
  • Support, as needed, security risk assessment and threat modelling services for Urology products businesses and product development life cycle.
  • Support, as needed, application security reviews and vulnerability/penetration testing of Boston Scientific's medical devices and software.

Requirements

  • Bachelor's degree or higher
  • 10+ years in Research & Development and/or Information Technology experience, or similar preferably in cybersecurity roles in medical device development or health care organizations.
  • Drive for learning cybersecurity and a passion for securing products.
  • Experience with vulnerability analysis of Windows and Linux operating systems as well as software.
  • Experience across various OS platforms such as Windows, MacOS, Linux, and Mobile (iOS, Android).
  • General understanding of cybersecurity techniques, controls, and methodologies from frameworks such as NIST Special Publications and ISO standards.

Nice-to-haves

  • Cybersecurity certifications (e.g. Network+, Security+, CSSLP, HCISPP, CEH, CISSP) a plus.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service