Our client is looking for security-focused engineers and researchers to join their Information Security Engineering Team and carry out security testing and research on their products. The role will require auditing of applications and code to detect or exploit security vulnerabilities specific to medical devices and products. This individual will be actively engaged in areas such as penetration testing, security analysis, and cutting-edge research on current technologies and attacks that apply to medical devices.
They are looking for an individual who shares a passion for learning and new technologies as we drive toward securing our medical devices and products by design.
- Perform code reviews manually and by utilizing Static Code Analysis tools
- Penetration testing & vulnerability research
- Support developers of our business units in their SDLC and provide guidance regarding mitigations to emerging threats
- Threat modelling
- Provide guidance on secure architecture design as required
- Provide remediation planning for identified and emerging threats found through security testing
- Security tool development, maintenance and improvements
- Security training development and delivery to internal development teams
- Project and research work as required
- Sound security architecture and security knowledge in the following areas: Web Applications, Web and Cloud Services; Windows and Linux OSes; Embedded Devices / IoT; Mobile applications running on both Android and iOS
- Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) or Offensive Security Web Expert (OSWE) certification preferred.
- Experience with programming languages such as C/C++ and C# and knowledge of how to test code for security and quality
- Experience working with secure coding methodology and best practices and their implementation within engineering teams.
- Good understanding of standard security vulnerabilities and common remediation as published by OWASP, SANS, etc.
- Excellent written and verbal communication skills including the ability to convey highly technical information to non-technical audiences.
- Ability to build relationships with engineering teams to improve product security
Education and Experience:
- High School Diploma required.
- Minimum of 2 years’ experience in product security testing, security consultancy or equivalent.
Nice to haves:
- Bachelor’s degree in Information Systems, Computer Science, or Engineering strongly preferred but not required. Experience can substitute for education.
- Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) or Offensive Security Web Expert (OSWE) certification preferred but not required.