Cyber Security Expert

**Job Title**: Cybersecurity Expert - Product, Platform & Solution Security

**Role Summary**

The Cybersecurity Expert plays a critical role in protecting the integrity, availability, and confidentiality of medical software and systems by embedding security principles throughout the development lifecycle. As part of the Cybersecurity Center of Competence, the expert collaborates cross-functionally with R&D, product teams, architects, regulatory stakeholders, and external security communities to lead threat analysis, ensure secure design, validate vulnerabilities, and shape the security posture of products and platforms. This role is both technical and consultative, requiring deep knowledge of secure engineering practices, standards, and incident response.

**Key Responsibilities**

**1. Security Consulting & Risk Mitigation**
- Provide security consultation to product teams to eliminate or mitigate weaknesses in line with industry standards (e.g., IEC 62443, NIST, ISO 27001).
- Participate in design and architecture discussions to ensure alignment with secure design principles.
- Guide software architects in integrating cyber security requirements into product and solution design.

**2. Vulnerability & Threat Management**
- Perform threat modeling, risk analysis, and attack surface assessments.
- Analyze vulnerabilities (internal or third-party), validate remediation measures, and guide patching strategies.
- Perform security incident investigations and provide forensics support when required.

**3. Security Engineering & Tooling**
- Design or extend tools, scripts, or automation frameworks for vulnerability scanning and penetration testing.
- Perform or oversee activities such as:

- Fuzz testing
- Reverse engineering
- Code analysis (static/dynamic)
- Secure software supply chain checks
- Contribute to the integration of automated security tooling into CI/CD pipelines.

**4. Secure Development Lifecycle Support**
- Lead or support security activities throughout the Secure Software Development Lifecycle (SDLC).
- Participate in or lead security gate reviews, release readiness assessments, and milestone reviews.
- Create and maintain secure coding and design guidelines for developers.
- Conduct or support internal security audits and regulatory submissions.

**5. Community Development & Training**
- Conduct security awareness sessions and technical training for R&D teams.
- Develop reusable security patterns, checklists, and guidance material.
- Collaborate with Cybersecurity Officers, Product Owners, and Architects to ensure cohesive security implementation across programs.
- Contribute to internal and external knowledge sharing, security forums, and standardization groups.

**Required Qualifications & Skills**

**Education and Experience**: Bachelor’s/Master’s degree in Computer Science, Cybersecurity, or a related field.
- 5-8 years of experience in IT/software development, with 3+ years focused on cybersecurity.

**Technical Expertise**

Strong foundation in:

- Secure architecture and design
- Threat modeling / Security risk analysis
- Static and dynamic code analysis
- Fuzz testing / Penetration testing
- Security tooling and automation (e.g., SonarQube, Burp Suite, Fortify, Checkmarx)
- Operating systems and networking fundamentals
- DevSecOps pipeline and CI/CD integration basics

**Working knowledge of**:

- HIPAA, HITECH, FDA Pre/Postmarket Cybersecurity Guidance (for medical devices)
- Regulatory standards: IEC 62443, ISO 27001, NIST SP 800-53/82/218, CLSI AUTO11-Ax, IEC 80001

**Certifications (preferred)**
- CISSP - Certified Information Systems Security Professional
- CSSLP - Certified Secure Software Lifecycle Professional
- OSCP, CEH, or similar ethical hacking certifications

**Collaboration & Stakeholders**

Internal : Cybersecurity Officers (CYSO), R&D Development & Test teams, Quality/Risk Managers, Project Managers, Product Owners, Architects

External : Standardization bodies, security tool vendors, customer security teams, and external cybersecurity communities

**Work Style and Engagemen**t
- Must be able to support multiple concurrent projects.
- Requires proactive leadership and strong communication with cross-functional teams.
- Expected to contribute regularly to internal security initiatives, CoPs (Communities of Practice), and lessons learned.