F

Principal Cybersecurity Engineer

Fresenius Kabi USA
Full-time
On-site
North Andover, Massachusetts, United States

Job Summary

The Principal Cybersecurity Engineer, under minimal supervision, provides hands-on product security engineering, encompassing various aspects of medical device cybersecurity for devices with embedded and web applications. Actively engages in all stages of secure product development, with a particular emphasis on threat modeling, vulnerability analysis, and risk assessment. Contributes to the architectural design process to guarantee that security requirements are met. Supports the implementation of a comprehensive security testing strategy and assists in the formulation and execution of cybersecurity policy for medical device development and on-market medical devices.

Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.

Responsibilities

In compliance with September 2023 FDA guidance, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions”, the following activities will be performed

  • Threat modeling
  • Vulnerability analysis and risk estimation
  • Risk evaluation
  • Vulnerability prioritization
  • Security risk control assessment
  • Development and execution of security test strategy
  • Review product cybersecurity standard operating procedures and provide pragmatic recommendations for continuous process improvements to maintain compliance with global regulatory standards and agency regulations
  • Provide cybersecurity guidance to the broader product development team to ensure uniform adherence to industry best practices across all product designs and processes

  

Requirements

  • Bachelor’s degree in Computer Science, Computer Engineering, Cybersecurity or related Engineering degree

  • Experience or in-depth knowledge of FDA regulatory requirements for cybersecurity in medical devices

  • 5+ years of experience in performing cybersecurity activities

  • Experience in application of cybersecurity to embedded medical device software and/or web applications

  • Expected to be abreast of rapidly evolving cybersecurity landscape and applicability to medical devices

  • Must possess excellent written and verbal communication skills

  • Experience in the planning and execution of Cybersecurity Penetration testing.

  • Experience in Software Composition Analysis.

Additional Information

We offer an excellent salary and benefits package including medical, dental and vision coverage, as well as life insurance, disability, 401K with company contribution, and wellness program.

Fresenius Kabi is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, citizenship, immigration status, disabilities, or protected veteran status.