Posted: 1 month ago
Platform:
Hybrid
Full Time
Key Skills: Web Application Security, Penetration Testing

Roles and Responsibilities:
- Conduct in-depth security assessments of medical device software using SAST and DAST tools, identifying and reporting vulnerabilities
- Analyze software bills of materials (SBOMs) to identify and mitigate supply chain risks
- Develop and maintain comprehensive security testing strategies and procedures
- Collaborate with software development teams to integrate security best practices into the development lifecycle
- Investigate and respond to security incidents and vulnerabilities
- Stay up-to-date on the latest security threats and trends in the medical device industry

Assess Security Issue Findings:
- Assess the findings from SAST and DAST security issue reports to determine true/false positives
- Create custom rules for Veracode to enable the scanning tool to accurately identify custom security modules and libraries used by development teams, thereby reducing false positive findings
- Work with software developers and architects to determine appropriate mitigations for security issues

Perform Manual Penetration Testing:
- Use Burp Suite, browser, or other tools to find security issues such as business logic-related issues and issues not usually found by automated security scanning tools
- Validate the implementation of security mitigations in addressing security issues using manual penetration testing techniques and tools

Create and Execute Security Test Cases:
- Create and execute detailed security testing scripts using manual or automated approaches
- Create reusable test scripts for common security requirements
- In the process of creating security test cases, evaluate security requirements for gaps and research best practices for security issue remediation
- Consolidate testing results into standard templates for inclusion in regulatory documentation systems
- Map security requirements and functional or system requirements to show traceability

Security Tools:
- Create and execute plans to evaluate new security tools
- Curate standard approaches in tools such as threat modeling tools to enable reuse

Skills Required:
- Minimum of 5 years of experience in application security testing, with a focus on SAST, DAST, and SBOM analysis
- Minimum of 3 years of software development or practical automation using Python, Java, C#, or JavaScript
- Strong understanding of software development methodologies and programming languages
- Experience with security tools such as Fortify, AppScan, Veracode, or similar
- Knowledge of industry standards and regulations (e.g., FDA, IEC 62443)
- Excellent problem-solving, analytical, and communication skills
- Ability to work independently and as part of a team

Preferred Qualifications:
- CISSP, CISM, or other relevant security certifications
- Experience in the medical device industry
- Knowledge of cloud security and DevOps practices

Education: Bachelor's degree in Computer Science, Information Security, or a related field and Master's degree in Computer Science, Information Security, or a related field
Careernet