Cybersecurity Test Engineer II

Overview

Responsibilities

• Perform cybersecurity testing vulnerability and penetration testing under supervision.
• Documents targets, test plan, scenarios tested, findings, test evidence and recommendations in Cybersecurity test reports.
• Simulate tactics, techniques and procedures used by advanced cyber threat actors (i.e., Hackers ).
• Leverage internal and external resources to research threats, vulnerabilities and intelligence on various attackers and attack infrastructure.
• Recognize and safely utilize attacker tools, tactics, and procedures
• Evaluates cybersecurity tools used in exploit development
• Provides assistance in security awareness and training activity
• Support Product Investigations for complaints and incidents
• Participates and sometimes leads the Sales Questionnaire Responses for cybersecurity.
• Participates as an active Cybersecurity team member in requirement reviews and team meetings.
• Analyze and review vulnerabilities and/or weaknesses identified by customer complaints.
• Participate in management technical reviews on test activities, scenarios, and results.
• Follows corporate standards and procedures
• Collaborates and shares knowledge with team members via formal and informal methods on a regular basis
• Provide regular assessment progress updates that include sufficient detail to convey work completed and upcoming activities
• Participates as an active Spacelab Cybersecurity team member in requirement reviews and team meetings

• Knowlege/experience and understanding of firmware, operating systems, applications, networks and network protocols, encryption algorithms, Access Control Models
• Knowledge/experience and understanding of Software and Hardware engineering, reverse engineering, web applications, databases, scripting,
  • Some knowledge in Operating Systems (Linux, MS Windows) Databases (MS SQL, MySQL, Postgres), Application/Web Servers (Apache, IIS, Wildfly), Microsoft WSUS
  • Some knowledge/experience in Networking, including switching, routing, firewalls and vulnerabilities
• Security Testing Tools such but not limited to - Tenable Nessus, Rapid7 InsightVM, Metasploit, BurpSuite, NetSparker, Wireshark)
• Must have the ability to handle many software exploits and take ownership for the assigned security assessments
• Must have the ability to take ownership for high complexity Security Assessments.
• Ability to operate Spacelabs Medical Devices and Solutions.
• Knowledge of Secure Coding and Development including OWASP Top 10 and MITRE/SANS Top 25
• Secure Software Development Life Cycle
• Security Frameworks (ISO 2700x, NIST Special Publications)
• Static Code Analysis
• Cloud Development and Cloud Security Testing
• Understand medical device regulations and quality system requirements
• Familiarity with some common attacks:
  • Password Cracking
  • Cross site request forgery
  • Cross site scripting
  • Improper Authorization
  • Improper Authentication
  • Privilege Escalation

• Passionate about Agile software processes, data-driven development, reliability, and experimentation
• Openness to working on a collaborative, cross-functional Agile solution team

Qualifications

• Self-motivated with strong problem-solving and learning skills
• Professional attitude and service orientation; team player
• Flexibility to changes in work direction as the project develops
• Good verbal and written communication and listening skills
• Ability to work well with others and under pressure
• Strong analytical and critical observation skills

• Team player that works collaboratively across Spacelabs.
• Passion for discovering and researching new vulnerabilities and exploitation techniques
• Strong work ethic; ability to work at an abstract level and gain consensus
• Able to build a sense of trust and rapport that creates a comfortable and effective workplace
• Attitude to thrive in a fast-paced environment
• Open minded to new approaches of learning
• Takes ownership and responsibility for data work