Mindlance
Overview
We are seeking a skilled Cyber Security Engineer (contract) to fill a key role within General Imaging (GI) Ultrasound, with a focus on vulnerability management and incident response capability. In this role you will work in a team to identify risks and communicate and track product vulnerabilities.
Key Responsibilities
Installed Base and Commercial Support
Cyber Support activities: Complete DoD monthly security scans; complete remediation actions and prepare quarterly POAM review; ready solutions for open issue closure per schedule; support commercial and installed base inquiries.
Vulnerability Management
Vulnerability analysis and issue mitigation: maintain cyber Bills of Materials and conduct proactive vulnerability monitoring and assessment on cyber components; scope and participate in hardware and software penetration tests, vulnerability identification and risk assessment; engage in incident response methods and lead incident response processes related to product cyber; create and track meaningful metrics around product cyber risk and compensating controls; client and mitigate vulnerabilities in sensitive Critical Infrastructure/Key Resource Domains (CI/KR); develop and design innovative cyber security solutions for unique and complex technologies; assess and investigate threats in terms of severity and impact; create detailed reports on vulnerabilities, bugs, and design flaws; create vulnerability and incident trend analysis to improve product design; automate cyber trending and change detection; design an early detector of changes in security status with the ability to compare SBOM, SCAP and NESSUS results against a baseline.
Product security
Engage and administer End of Life processes for digital products; consult architects on security requirements and utilize best practices to meet requirements; engage in application and domain-specific threat modeling and attack surface analysis/reduction; prepare reports at appropriate levels of confidentiality for stakeholders to view.
Qualifications
Bachelor's degree in computer science or STEM majors with a minimum of 6 years of professional experience including Cyber Security. Certification in the Privacy, Security & Regulatory domain or related certification. Familiarity with identifying, analyzing, and ethically exploiting vulnerabilities that affect executable code. Strong knowledge of TCP/IP networking; ability to use Wireshark to capture and analyze network traffic. Hands-on experience with Windows and Linux based systems. Programming skills in one or more languages (Python, C, C++, CUDA, and others). Business acumen: able to translate vulnerability information into business risks relevant to our customers. Good understanding of workflow in the healthcare industry; knowledge of ultrasound or experience with medical device software development. Experience with cyber security frameworks (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance. Experience with secure coding principles; code signing and secure boot. Experience with penetration testing and ethical hacking. Demonstrated ability to work with blended Agile teams, including global teams. Excellent communication, facilitation, and documentation skills.
Contract Scope
Estimated 40 hours/week. Participation in global team meetings; willing to adjust work times to accommodate Europe (early start). Deliverables aligned with product development and launch milestones.
EEO
Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.