Job Description
Responsibilities:
Conduct product cybersecurity risk assessments in regulated industries such as healthcare (medical and diagnostic devices).
Collaborate with R&D teams to develop secure architectures and implement security requirements, aligning with standard security frameworks like NIST 800-53.
Evaluate the security of products, software, and systems for compliance with applicable standards (ISO 27001, NIST, EU Directives, FDA, etc.).
Assess and identify the impact of changes, updates, or new regulations on existing and new products, guiding teams on necessary implementations.
Monitor and understand global cybersecurity standards, periodically reviewing for gaps and implementing them in Client SOPs and WIs.
Utilize threat modeling practices and tools (e.g., STRIDE, OWASP) to identify and mitigate security threats.
Conduct CVE vulnerability assessments using appropriate tools and practices.
Monitor and understand security threats to develop effective mitigation solutions.
Perform or support security testing, including penetration tests, and internal/external audits, coordinating remediation as necessary.
Collaborate with Systems Engineering, Software Development, Regulatory, and other stakeholders to develop and document cybersecurity controls.
Execute tests to identify system and security vulnerabilities.

Qualifications:
10+ years of industry experience in the design and development of application software, with at least 5+ years in cybersecurity for medical devices
Bachelor's degree in engineering (Computer, Electrical, Computer Systems, Systems, or Software) or a related discipline.
Experience in product cybersecurity risk assessments in regulated industries like healthcare.
Proficiency in threat modeling practices and tools (e.g., STRIDE, OWASP).
Strong experience in vulnerability assessments, tools, and practices.
Proven ability to monitor and understand security threats and develop mitigation solutions.
Experience in performing or supporting security testing and coordinating remediation efforts.

Technical Skills:
Experience with security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus software.
Experience with cybersecurity challenges and solutions specific to Software as a Medical Device (SxMD) products.
Knowledge of encryption technologies and secure coding practices.
Familiarity with network security protocols and technologies (e.g., SSL/TLS, VPNs, IPsec).
Experience with cloud security and securing cloud-based applications and infrastructure.
Understanding of secure software development lifecycle (SDLC) practices.
Experience with security information and event management (SIEM) systems.
Knowledge of regulatory requirements and standards specific to medical devices (e.g., HIPAA, GDPR).
Proven track record of securing medical device software and hardware against vulnerabilities and threats.
Experience in ensuring compliance with medical device cybersecurity regulations and standards (e.g., FDA premarket and postmarket cybersecurity guidance).

DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.