Cybersecurity Specialist for Medical Devices

Job Title: Cybersecurity Specialist for Medical Devices (including SxMD Products)

Duration: 7 Months, Location: Lake Forest, IL

About the Role:

We are seeking a highly skilled Cybersecurity Specialist to conduct product cybersecurity risk assessments in regulated industries such as healthcare (medical and diagnostic devices). The ideal candidate will collaborate with RandD teams to develop secure architectures and implement security requirements, aligning with standard security frameworks like NIST 800-53.

Key Responsibilities:

• Conduct product cybersecurity risk assessments in regulated industries like healthcare.
• Collaborate with RandD teams to develop secure architectures and implement security requirements.
• Evaluate the security of products, software, and systems for compliance with applicable standards (ISO 27001, NIST, EU Directives, FDA, etc.).
• Assess and identify the impact of changes, updates, or new regulations on existing and new products, guiding teams on necessary implementations.
• Monitor and understand global cybersecurity standards, periodically reviewing for gaps and implementing them in Client SOPs and WIs.
• Utilize threat modeling practices and tools (e.g., STRIDE, OWASP) to identify and mitigate security threats.
• Conduct CVE vulnerability assessments using appropriate tools and practices.
• Monitor and understand security threats to develop effective mitigation solutions.
• Perform or support security testing, including penetration tests, and internal/external audits, coordinating remediation as necessary.

Requirements:

• 10 years of industry experience in the design and development of application software, with at least 5 years in cybersecurity for medical devices.
• Bachelor's degree in engineering (Computer, Electrical, Computer Systems, Systems, or Software) or a related discipline.
• Experience in product cybersecurity risk assessments in regulated industries like healthcare.
• Proficiency in threat modeling practices and tools (e.g., STRIDE, OWASP).
• Strong experience in vulnerability assessments, tools, and practices.
• Proven ability to monitor and understand security threats and develop mitigation solutions.
• Experience in performing or supporting security testing and coordinating remediation efforts.

Technical Skills:

• Experience with security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus software.
• Experience with cybersecurity challenges and solutions specific to Software as a Medical Device (SxMD) products.
• Knowledge of encryption technologies and secure coding practices.
• Familiarity with network security protocols and technologies (e.g., SSL/TLS, VPNs, IPsec).
• Experience with cloud security and securing cloud-based applications and infrastructure.
• Understanding of secure software development lifecycle (SDLC) practices.
• Experience with security information and event management (SIEM) systems.
• Knowledge of regulatory requirements and standards specific to medical devices (e.g., HIPAA, GDPR).
• Proven track record of securing medical device software and hardware against vulnerabilities and threats.
• Experience in ensuring compliance with medical device cybersecurity regulations and standards (e.g., FDA premarket and postmarket cybersecurity guidance).

About Us:

DivIHN is a CMMI ML3-certified Technology and Talent solutions firm. We enable meaningful connections between talented professionals and forward-thinking organizations. Our team has extensive experience in providing Professional Consulting, Custom Projects, and Professional Resource Augmentation services to clients in the Mid-West and beyond.