This position calls for focused domain expertise as well as a good breadth of experience across Application Penetration Testing, Thick Client Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing (iOS and Android), Medical IoT Device Penetration Testing, Fuzz Testing, Open-Source Intelligence, and Physical Security Testing.
Responsibilities:
1. Perform medical device vulnerability scans, fuzz testing, penetration testing, security code reviews, and reverse engineering.
2. Carry out IoT penetration tests, application (mobile, MIoT and PC platform), network, systems, and infrastructure penetration tests.
3. Perform various aspects of vulnerability assessments / penetration tests across a wide variety of platforms and technologies in the medical industry.
4. Perform targeted testing activities to identify weaknesses and methods in which to exploit them.
5. Review threat models and perform security risk assessments of medical products.
6. Help evolve the knowledge of adversarial TTPs for medical devices and medical applications and apply that knowledge when evaluating and testing corporate resources.
7. Adhere to the highest standards of safety, ethics, and professional conduct.
8. Support project initiatives to assess vulnerabilities in medical devices and medical/health software assets.
9. Apply existing IT technical expertise to address cybersecurity-related issues and challenges.
10. Keep up to date with tools, countermeasures, threats, and technologies.
11. Develop and refine tools, templates, and methodologies.
12. Interpret vulnerabilities, identify weaknesses, exploit them, and escalate access.
Minimum Requirements:
1. Higher degree in Information Security, Computer Science, Computer/Software Engineering, Electrical Engineering, or relevant work experience.
2. Several years of professional experience in conducting IoT penetration testing and fuzz testing, preferably in the medical sector (or other relevant sector).
3. Security knowledge in the following areas: operating system security, mobile OS security, embedded operating system security, communication protocols (Bluetooth/BLE/Wi-Fi etc.), medical protocols (DICOM etc.), threat modeling, and common security testing tools.
4. Programming skills in Python, C/C++, C#, or similar for the purpose of code review and test automation.
5. Excellent technical expertise (in both breadth and depth), written communication skills, time management skills, and the ability to communicate effectively with numerous lines of business representatives.
6. Experience with open source and commercial penetration testing security tools in an enterprise environment.
7. Proficiency with Windows, Unix/Linux, and mobile platform operating systems.
8. Comprehension of OWASP Top 10 (both web and (M)IoT), OSSTMM, PTES, and NIST, and the ability to understand and communicate findings to customers.
9. Must be willing to work flexible hours; able to travel as required; comfortable working in a fast-paced environment.