Job Description
Overview
At Spacelabs Healthcare, we are on a mission to provide continuous innovation in healthcare technology for better clinical and economic outcomes. Our scalable solutions deliver critical patient data across local and remote systems, enable better-informed decisions, increase efficiencies, and create a safer environment for patients.
Why work at Spacelabs? Because lives depend on you!
An elite level individual contributor position, the Principal Cybersecurity Test Engineer is a technical member of the Spacelabs Cybersecurity Team. They will design and conduct penetration testing to ensure appropriate security controls and safeguards are in place and function as intended for Spacelabs Products, Infrastructure and solutions.
Responsibilities
1. Designs and conducts penetration tests and assessments on products and applications simulating tactics techniques and procedures used by advanced cyber threat actors (i.e Hackers) in close collaboration with team
2. Leverages internal and external resources to research threats, vulnerabilities and intelligence for various attackers and attack infrastructure
3. Creates and maintains security assessment project plans
4. Designs and implements security exploits used in penetration testing
5. Learns and adopts new methods of developing security exploits
6. Evaluates exploits for applicability to products and applications
7. Evaluates tools used in exploit development
8. Provides assistance in security awareness and training activity
9. Support Product Investigations for complaints and incidents
10. Develops support tools for the Cybersecurity Team
11. Participates as an active Spacelabs Cybersecurity team member in requirement reviews and team meetings
12. Participates in company-wide knowledge spreading activities for security awareness
13. Performs code reviews as per project policy.
14. Performs integration testing to ensure software functions within application and with electrical and mechanical devices.
15. Evaluates, investigates, and implements fixes to assigned software defects.
16. Evaluates, investigates, and implements assigned software change proposals.
17. Provides level of effort for assigned software activities
18. Tracks personal estimates over time to improve accuracy
19. Follows project and corporate software plans, standards, and procedures to perform software development
20. Documents targets, test plan, scenarios tested, findings, test evidence and recommendations in penetration test report
21. Conducts management technical reviews on test activities, scenarios, and results
22. Collaborates and shares knowledge with team members via formal and informal methods on a regular basis
23. Provide regular assessment progress updates that include sufficient detail to convey work completed and upcoming activities
24. Participates as an active SPACELABS CYBERSECURITY TEAM team member in requirement reviews and team meetings
25. Follows corporate standards and procedures
Qualifications
Domain Expertise
26. Deep level of understanding of firmware, operating systems, applications, networks and network protocols, encryption algorithms, Access Control Models
27. Knowledge and understanding of Software and Hardware engineering, reverse engineering, web applications, databases, scripting,
28. Deep knowledge in coding languages (Assembly, C, C++, Java, C#, .NET, Python, etc.) found in software development.
29. Deep knowledge in Operating Systems (Linux, MS Windows) Databases (MS SQL, MySQL, Postgres), Application/Web Servers (Apache, IIS, Wildfly)
30. Deep knowledge in Networking, including switching, routing, firewalls and vulnerabilities
31. Hardware hacking expertise (JTAG, FPGA, USB, etc.)
32. Security Testing Tools such but not limited to – khali linux, Tenable Nessus, Rapid7 InsightVM, Metasploit, BurpSuite, NetSparker, Wireshark
33. Must have the ability to handle many software exploits and take ownership for the assigned security assessments
34. Must have the ability to take ownership for high complexity Security Assessments.
35. Ability to operate computers and medical devices
36. Secure Coding and Development (OWASP), MITRE/SANS Top 25
37. Secure Software Development Life Cycle
38. Security Frameworks (ISO x, NIST Special Publications)
39. Static Code Analysis
40. Cloud Development and Cloud Security Testing
41. Understand medical device regulations and quality system requirements
42. Familiarity with some common attacks:
43. Password Cracking
44. Cross site request forgery
45. Cross site scripting
46. Improper Authorization
47. Improper Authentication
48. Privilege Escalation
Agile/Digital Experience
49. Passionate about Agile software processes, data-driven development, reliability, and experimentation
50. Openness to working on a collaborative, cross-functional Agile solution team
Individual Skills:
51. Self-motivated with strong problem-solving and learning skills
52. Professional attitude and service orientation; team player
53. Flexibility to changes in work direction as the project develops
54. Good verbal and written communication and listening skills
55. Ability to work well with others and under pressure
56. Strong analytical and critical observation skills
Mindset and Behaviors:
57. Collaborative Team Player
58. Passion for discovering and researching new vulnerabilities and exploitation techniques
59. Strong work ethic; ability to work at an abstract level and gain consensus
60. Able to build a sense of trust and rapport that creates a comfortable and effective workplace
61. Attitude to thrive in a fast-paced environment
62. Open minded to new approaches of learning
63. Takes ownership and responsibility for data work
64. Bachelor's Degree plus a minimum of 12 years of related experience or Master's Degree plus a minimum of 10 years of related experience or waiver based on experience.
65. Degree should be in a technical discipline such as Computer Science-Information Security or Cybersecurity or Software Engineering.