Cybersecurity Sr. Specialist

Responsibilities :

• Conduct product cybersecurity risk assessments in regulated industries such as healthcare (medical and diagnostic devices).
• Collaborate with R&D teams to develop secure architectures and implement security requirements, aligning with standard security frameworks like NIST 800 53.
• Evaluate the security of products, software, and systems for compliance with applicable standards (ISO 27001, NIST, EU Directives, FDA, etc.).
• Assess and identify the impact of changes, updates, or new regulations on existing and new products, guiding teams on necessary implementations.
• Monitor and understand global cybersecurity standards, periodically reviewing for gaps and implementing them in Abbott SOPs and WIs.
• Utilize threat modeling practices and tools (e.g., STRIDE, OWASP) to identify and mitigate security threats.
• Conduct CVE vulnerability assessments using appropriate tools and practices.
• Monitor and understand security threats to develop effective mitigation solutions.
• Perform or support security testing, including penetration tests, and internal / external audits, coordinating remediation as necessary.
• Collaborate with Systems Engineering, Software Development, Regulatory, and other stakeholders to develop and document cybersecurity controls.
• Execute tests to identify system and security vulnerabilities. Qualifications :
• 10 years of industry experience in the design and development of application software, with at least 5 years in cybersecurity for medical devices
• Bachelor's degree in engineering (Computer, Electrical, Computer Systems, Systems, or Software) or a related discipline.
• Experience in product cybersecurity risk assessments in regulated industries like healthcare.
• Proficiency in threat modeling practices and tools (e.g., STRIDE, OWASP).
• Strong experience in vulnerability assessments, tools, and practices.
• Proven ability to monitor and understand security threats and develop mitigation solutions.
• Experience in performing or supporting security testing and coordinating remediation efforts. Technical Skills :
• Experience with security tools and technologies, including firewalls, intrusion detection / prevention systems (IDS / IPS), and antivirus software.
• Experience with cybersecurity challenges and solutions specific to Software as a Medical Device (SxMD) products.
• Knowledge of encryption technologies and secure coding practices.
• Familiarity with network security protocols and technologies (e.g., SSL / TLS, VPNs, IPsec).
• Experience with cloud security and securing cloud-based applications and infrastructure.
• Understanding of secure software development lifecycle (SDLC) practices.
• Experience with security information and event management (SIEM) systems.
• Knowledge of regulatory requirements and standards specific to medical devices (e.g., HIPAA, GDPR).
• Proven track record of securing medical device software and hardware against vulnerabilities and threats.
• Experience in ensuring compliance with medical device cybersecurity regulations and standards (e.g., FDA premarket and postmarket cybersecurity guidance)