Medical Devices - Security Engineer

• Bachelor’s degree in computer science, Cybersecurity, or related field

• 8 years of combined experience in software development, security engineering and security regulatory and compliance, with at least 5 years of experience in security engineering

• Strong understanding of security principles, threat modeling, and risk assessment

• Experience with secure coding practices, vulnerability remediation, and security testing

• Familiarity with regulatory requirements for medical devices (e.g., FDA, CE)

• Experience with mobile application security domain and issues (both Android and iOS)

• Experience with embedded systems/IoT devices a plus Should be hands-on with Open Web application security project – OWASP procedures

• Hands-on with Static code analyzer tools like Valgrind to trace Buffer overflow, Stack overflow, memory leaks, API testing

• Hands-on with code reviews to identify potential issues

• Fluent with code injection attacks - SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection

• Identify risks during firmware update

• Identify risks in Cryptography signature

• Able to guide and hands-on with Toolchain hardening

• Able to identify Identity and Access management attacks

• Data collection, storage, privacy

• Transport layer security