|Published||November 29, 2022|
SUMMARY OF JOB FUNCTION WITHIN DEPARTMENT:
Senior Cybersecurity Software Engineer with an advanced knowledge of embedded software development. Responsible for secure software development following DevSecOps best practices. Working directly with the engineering team, the Cybersecurity Software Engineer will act as a lead for all cybersecurity development aspects of a medical device product, oversee the cybersecurity analysis of any features and systems, the definition of the mitigation actions, and the implementation of the development plan, as well as the creation and maintenance of the related documentation. Exhibits a high level of cybersecurity skills, software development mastery, technical direction, planning, and vision. Ensures the established Quality Standard for documentation, software development, and Cybersecurity is applied thoroughly and consistently.
ESSENTIAL DUTIES & RESPONSIBILITIES:
* Work in a lead capacity as a member of an agile development team to develop secure embedded and application-level software for medical devices.
* Determine cybersecurity level of effort and its impact on the project feasibility & timeframe.
* Train the engineering teams on Cybersecurity best practices, policies, and documentation.
* Assist with defining software requirements, based on marketing collaboration and regulatory expectations, including those related to cybersecurity.
* Responsible for the cybersecurity analysis and related risk mitigation process.
* Direct interface with Project and Product Management.
* Design, code, and test software. Software development (includes new projects and maintenance projects) to be done per the established Quality System.
* Review the security architecture of existing and upcoming products.
* Create and maintain associated documentation, including cybersecurity deliverables.
* Support Product Management as needed for market acceptance testing.
* Report software development status to Project Management.
* Provide technical direction and/or mentoring of less-experienced software engineers.
* Identify and promote best practices for software development.
* Forge strong relationships across departments and other companies.
* Stay abreast of new technologies and developments in the embedded software engineering field.
* Directly support 3rd party development, including requirements, timeline of deliverables, debugging, integration and performance analysis.
* Lead by example.
* Insist on the highest quality in their own work and that of others.
SKILLS, KNOWLEDGE, AND LICENSE OR CERTIFICATE REQUIRED:
* Experience with cybersecurity analysis and risk mitigation, including safe coding practices, data flow diagrams, threat models, etc.
* Experience with cybersecurity expectations of medical device regulatory bodies (FDA, MDR, GDPR) highly desired.
* Medical product development experience desired.
* Knowledge of medical device quality system regulations and standards (e.g., U.S. FDA Quality System Regulation 21CFR Part 820, ISO13485, ISO9001, IEC 62304, ISO14971).
* Proven experience in leading development of two or more commercial applications or technologies.
* Experience with design documentation for software.
* Extensive knowledge of the Linux platform and tools (gcc, gdb, make, shell scripting, etc.) is required. Has proven experience with cross platform issues and is able to learn new platforms quickly.
* Experience working with RTOS, cross-compilers, and other technologies in embedded applications.
* Experience with microprocessor and embedded systems industry innovations and developments.
* Strong knowledge of Internet technologies, communication protocols, networking, network security, Hardware Security Modules, PKI, Transport Layer Security, and related techniques is required.
* Security certification (CSSLP, HCISPP, CISSP or similar) is highly desired.
* Excellent knowledge of current software development best practices, object-oriented design, SOLID, event-driven architecture, multimedia processing, interface design, localization, portability, extensibility, and testability.
* In-depth knowledge of C/C++ and associated debugging techniques.
* Excellent communication skills. Has forged relationships with development personnel throughout the company.
* Excellent project planning and estimating skills; drives projects and keeps them moving through daily obstacles; asks for additional assistance when appropriate.
* Self-motivated; works with minimal supervision.
* Enthusiastic about the company and about developing its high-quality medical products.
* Strong software design skills.
* Writes clear, maintainable, well-documented, portable code.
* Recognizes problems and offers solutions. Helps the group adapt to changing conditions.
PHYSICAL REQUIREMENTS: (Describe the specific physical requirements necessary to accomplish the essential job functions, i.e., ability to sit or stand for long periods of time, lifting requirements, audio/visual requirements etc.)
* This position requires occasional lifting of test equipment such as a PC, monitor, camera, etc. up to approximately 30 lbs.
* The employee will also need to work in front of a monitor for extended periods of time.
EDUCATION/EXPERIENCE: (Typical pattern of education and experience that would provide the knowledge and skills indicative of successful job performance.)
* BS/MS in Computer Science, Electrical Computer Engineering or related field with 8-10 years of experience in software development.
TRAINING REQUIREMENTS: (Safety, regulatory compliance, legal & job specific)
* Injury and Illness Prevention Program; annually - OSHA requirement.
* Quality System training.
* Job Specific - In house requirement.
LEVEL OF SUPERVISION REQUIRED:
Work with Software Engineers, Software Architects, Security Analysts, System Engineers, Project Managers, Product Managers, 3rd Party Vendors, Software Supervisor and/or Software Manager, and Service Personnel with some level of supervision.
INTERFACE: (Internal/External Customers)
* The Software Engineer will be required to work closely with both internal and external customers, including employees, other Storz organizations, vendors, and customers of Karl Storz.
* It is each employee's obligation to consistently treat visitors, external customers and all co-workers with courtesy and respect.