Sr. Cybersecurity Engineer

Olympus Corporation of the Americas Making people's lives healthier, safer, and more fulfilling is our ultimate purpose. Being True to Life means creating new solutions, making a positive impact on society, and enhancing the way people live. Working Location: MASSACHUSETTS, WESTBOROUGH Workplace Flexibility: Hybrid The Sr. Cybersecurity Engineer for Medical Devices R&D is responsible for leading and/or supporting the development and implementation of security measures specific to medical device technologies. This role focuses on protecting computer systems, networks, and sensitive data integral to medical device functionality and patient safety. The primary responsibilities include overseeing all phases of cybersecurity initiatives, including identifying and evaluating security threats, defining security requirements tailored to medical devices, and conducting rigorous security verifications and validations. Within a collaborative R&D environment, the Sr. Cybersecurity Engineer is expected to be a proactive communicator, work effectively with cross-functional teams, manage projects efficiently, deliver high-quality and compliant security solutions, and continuously advance their knowledge in both cybersecurity and medical device regulations. This role involves the creation and analysis of security-related data, subsequent reporting, and generating and maintaining comprehensive documentation. A working knowledge of FDA guidelines, cybersecurity frameworks, and best practices specific to medical devices is required. May provide leadership and direction to R&D Technicians. Job Duties Supports product development teams by participating in the specification, development, verification, and deployment of security measures for new and existing products running Linux or Windows operating systems. Assists in proposing solutions and contributing to the technical direction for product security development, ensuring alignment with secure architecture designs. Contributes to the development and execution of security plans and product security specifications. Conducts vulnerability scans on software under the guidance of lead engineers to identify potential security issues before product release. Supports cybersecurity risk management activities, including assisting in threat modeling and vulnerability assessments, and helps implement risk controls based on CVSS scores. Participates in design and code reviews to identify potential security vulnerabilities, making appropriate recommendations. Assists development teams in the initial stages of penetration and fuzz testing for new products containing software components. Helps implement security configurations within products and the supporting infrastructure. Assists in drafting customer-facing product security documents, such as MDS2 forms, under supervision. Provides support on product security issues escalated to the engineering team. Contributes to raising awareness of security concerns and helps share best engineering practices within the team. Assists in maintaining and updating facility-level procedures and work instructions for the cybersecurity program. Supports the response efforts to lower-level cybersecurity incidents. Works with product teams to implement and verify security measures by offering guidance, assisting with establishing measures, and using suitable tools. Encourages improvements in security-related processes and tools and collaborates with other teams to facilitate these enhancements. Provides basic training on product security practices to internal teams under supervision. Continuously seeks to expand knowledge and expertise in the field of cybersecurity. Stays informed about evolving regulatory guidance, legislation, and industry standards related to medical device and healthcare IT cybersecurity. Identifies and evaluates potential new security technologies and tools with oversight. Assists in proposing solutions and contributes to discussions on the future technical direction for product security. Job Qualifications Required: Minimum year of related experience: 5+ years or 4+ years with MS or 0-2 years with PhD. General knowledge of cybersecurity measures within medical device development. Working knowledge of and experience in applying FDA regulations and international cybersecurity standards specific to medical devices (e.g., FDA Cybersecurity Guidance, ISO/IEC 27001, NIST SP 800-53, and IEC 62443). Capable of developing detailed cybersecurity documentation and deliverables necessary to support secure high-volume manufacturing and maintain high device quality. Preferred: Proficient in Microsoft Office applications, including Outlook, PowerPoint, Project, and Visio, for documentation, project management, and presentations. Familiarity with cybersecurity design and analysis tools, as well as the ability to critically evaluate technical diagrams and architectural designs. Knowledge of common technologies, methodologies, and materials used in manufacturing secure medical devices. Skilled in solving complex cybersecurity challenges and exercising sound judgment to make timely and effective security decisions. Experience with the practical application of cybersecurity metrics and working knowledge of cybersecurity analysis tools and packages. Able to collaborate effectively across cross-functional teams and multiple locations, fostering a security-first culture. Capable of managing multiple cybersecurity projects or work streams in parallel, ensuring timely and successful execution. Strong verbal and written communication skills, with the ability to present cybersecurity information to team members and stakeholders confidently. Able to work in a professional open-space environment without distracting colleagues, while maintaining focus on cybersecurity tasks. Possesses a positive attitude and capacity to complete cybersecurity initiatives promptly and with high quality. #J-18808-Ljbffr

Created: 2025-02-13