What are the responsibilities and job description for the Security Engineer (Medical Device) position at Sensiple Inc.?
Job Details
Sensiple Inc is a New Jersey corporation with over two decades of expertise in technology-driven solutions specialising in Customer Experience, Contact Center Solutions, Digital Transformation, Cloud Computing & Independent Testing.
With an expert team that has enriched experience in executing & developing sustainable IT strategies in Healthcare, Technology, Retail, Logistics, Education, Telecommunications, Government and Media, we help our diverse customers to envision the future.
By developing highly scalable and consistent solutions, our primary goal is to deliver excellence at all levels and delight our customers and drive them to a better future.
We are looking for a Security Engineer for an opportunity with one of our clients.
Job Description
Role: Security Engineer
Location: Burlingame CA (Onsite)
Type: Contract
- Collaborate with XFN teams, including software and hardware engineers, product managers, and medical device compliance, to design and implement secure solutions for medical devices.
- Author cybersecurity management plans and other security deliverables required to support regulatory submissions (510(k), De Novo, CE, etc.) of RL medical device products
- Conduct security risk assessments and vulnerability testing to identify potential security threats and vulnerabilities in our products.
- Develop and implement security controls, such as encryption, access controls, and secure communication protocols, to mitigate identified risks.
- Work with the software and hardware development teams to ensure that security is integrated into the design and development and HW/SW architecture for medical device products
- Provide security-focused guidance and training to other team members to ensure that security is a top priority across all medical device programs
- Work closely with 3rd party test labs to ensure that security testing and validation is executed and completed.
- Serve as a primary point of contact between Medical Device XFN and other Security Teams
- Collaborate with the legal, SWE, program management, and medical device compliance teams to ensure that our products comply with relevant regulations and industry standards, such as HIPAA, FDA, and GDPR.
- Participate in incident response and security incident management
- Should be hands-on with Open Web Application Security Project (OWASP) procedures
- Hands-on with static code analyzer tools like Valgrind to trace buffer overflow, stack overflow, memory leaks, API testing
- Hands-on with code reviews to identify potential issues
- Fluent with code injection attacks - SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection
- Identify risks during firmware update
- Identify risks in Cryptography signature
- Able to guide and hands-on with Toolchain hardening
- Able to identify Identity and Access management attacks
- Data collection, storage, privacy
- Transport layer security
- Threat modeling:
  - Identifying all assets in a system
  - Creating an architecture overview
  - Decomposing the system (or device)
  - Identification of threats
  - Document all the threats with their respective scenarios
  - Rate each threat by its likelihood as well as impact using a rating system
Required:
- Bachelor's degree in Computer Science, Cybersecurity, or related field
- 8 years of combined experience in software development, security engineering and security regulatory and compliance, with at least 5 years of experience in security engineering
- Strong understanding of security principles, threat modeling, and risk assessment
- Experience with secure coding practices, vulnerability remediation, and security testing
- Familiarity with regulatory requirements for medical devices (e.g., FDA, CE)
- Experience with mobile application security domain and issues (both Android and iOS)
- Experience with embedded systems/IoT devices a plus
- Should be hands-on with Open Web Application Security Project (OWASP) procedures
- Hands-on with static code analyzer tools like Valgrind to trace buffer overflow, stack overflow, memory leaks, API testing
- Hands-on with code reviews to identify potential issues
- Fluent with code injection attacks - SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection
- Identify risks during firmware update
- Identify risks in Cryptography signature
- Able to guide and hands-on with Toolchain hardening
- Able to identify Identity and Access management attacks
- Data collection, storage, privacy
- Transport layer security
Education:
- Bachelor's / Master's
If you find yourself suitable for this position, kindly send your updated resume and expected hourly rate to rubal dot s at sensiple dot com
Regards
Rubal Singh | Sensiple Inc.
rubal dot s at sensiple dot com
555 US Highway 1 S, Ste 330 Iselin, NJ 08830
Sensiple, Inc. is an Equal Opportunity Employer, and all qualified applicants will receive consideration for employment without regard to gender, race, colour, religion, sex, national origin, veteran or disability status.