Beschreibung
Cyber Security Engineer
- Two client locations - Frankfurt area/Bavaria area
- 6 month contract, extendable over a year
- Schedule: 5 days a week (4 days onsite 1 day remote)
- Start date: ASAP or first week of January 2019
Purpose and Scope
The Cyber Security Engineer develops security software, including tools for encryption, authentication, monitoring, and intrusion detection, virus/spyware/malware detection for hemodialysis and peritoneal dialysis medical device products and related services. Other tasks will include partnering with the existing corporate security governance policy and processes, collaborating with cross-functional project teams, and the implementation of appropriate security solutions, and participation in any vulnerability assessments as subject matter expert. This role is distinct from the company's corporate security scope.
Duties and Responsibilities
- Maintain up-to-date knowledge of the global IT security industry in regards to hemodialysis and peritoneal dialysis and related products and personal health information including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Assess the risk of new and current medical devices, treatment services, and digital solutions (Cloud-based services, Mobile Applications, IoT Services, etc.).
- Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through medical devices, treatment services, and in databases and other data repositories developed by GRD.
- Participate in security software code reviews.
- Support the design and execution of vulnerability assessments, penetration tests and security audits.
- Perform regular security awareness training to ensure consistently high levels of compliance with security policy.
- Aligning and collaborating with fellow security professionals (CSIO, Protection/Security Law, etc.).
- Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and mounts incident response.
- Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements
- Analyzes and assesses vulnerabilities in hemodialysis and peritoneal dialysis medical device products and related services, investigate/implement security controls to Remedy the detected vulnerabilities,
- Tests for compliance with security policies and procedures.
- May assist in the creation, implementation, and/or management of security solutions.
- Other duties as assigned.
- Need to be sharp; think independently and have good documentation and communication skills. This person will participate in the selecting of security training for the teams.
- Will participate in code reviews with machine teams and help implement continuous integration with vulnerability static code analysis tools.
- Will work with global teams
- Certification in ISO2700
Education:
- Master's Degree in Computer Science, Information Security or Cyber Security or related field
Experience and Required Skills
- Industry certifications
- Certified Information Security Manager (CISM) - Preferred, Practitioner-level - Pluses
- Certificate of Cloud Security Knowledge, Security+, OSCP, CEH, CISSP (or Associate)
- Knowledge and understating of Medical Device Regulation, Quality, and Design Controls (ISO 13485, ISO14971, FDA 21 CFR 820.30) Preferred.
- Knowledge of a cybersecurity framework a plus (Ex. NIST SP 800, ISO 27000, NIST CSF)
- Communication and presentation skills both across technical and non-technical audiences, both written and in-person.
- Ability to partner with a diverse set of global groups
- Strong Communication and Documentation skills
- Competent mentoring and coaching skills
Musts:
- Regulated Environment Experience
- Imbedded Devices
- Network Devices
- English language fluency