
Product Security Architect

Location: Chelmsford, MA

Resuscitation

ZOLL Medical is a growing, innovation-driven company on the forefront of delivering medical devices to save lives, and software solutions to improve efficiency. With customers in more than 140 countries, we continue to expand our reach, as well as our product offerings. Hospitals, emergency medical services (EMS), and others trust us to provide high-quality products and exceptional customer service. ZOLL products are used every day across the globe to save the lives of people who suffer sudden cardiac arrest. From Real CPR Help® technology—an industry first—to the world’s only wearable defibrillator, our capabilities and features set us apart. But none of this would be possible without the motivation and dedication of ZOLL employees, and we’re invested in their success.

We offer competitive salaries and a comprehensive benefits package. Join our team. It’s a great time to be a part of ZOLL!

The Product Security Architect acts as the subject matter expert and supports all areas of product cybersecurity including secure by design strategies, risk management, testing, training, and incident response.

Responsibilities

  • Advise product development teams regarding the implementation of cybersecurity controls, the design of security-related features, and the delivery of cybersecurity regulatory requirements.
  • Track regulatory requirements for medical device cybersecurity and provide guidance to the product teams.
  • Lead the security testing efforts of the products. This includes defining the scope, selecting the vendor or tool, scheduling and timing the testing, and interpreting the results.
  • Lead the effort of building the cybersecurity knowledge within the product teams by identifying knowledge gaps and working with the Product Development Team to provide necessary training.
  • Take lead on all Product Security Incident Response including the identification of affected products, assignment of severity, root cause analysis, and tracking mitigation efforts.
  • Advise and ensure accuracy of external communications related to product security and assist with customer product security questions.
  • It is essential for the Security Architect to be a subject matter expert in product cybersecurity, IT cybersecurity, and the products. For this reason, it is expected that the Security Architect will maintain a regular cadence of study in cybersecurity and product knowledge.
  • Familiarity with SAST, DAST, and OSS scanning tools.
  • Familiarity with CI/CD methodologies and toolsets.
  • Solid understanding of common software and web application security vulnerabilities.
  • Knowledge of crypto primitives, authentication protocols, and authorization standards (e.g., SSL/TLS, SAML, OAuth, JWT tokens), and implementations within most major cloud providers.
  • Experience in finding and remediating security issues in one or more languages (C#, Node/JS, Python preferred).
  • Ability to find, evaluate, and remediate common vulnerabilities (CVEs) in firmware, software, and configurations.
  • Collaborate with developers and infrastructure teams to remediate vulnerabilities
  • Act as a subject matter expert for incident remediation and security related architecture decisions
  • Identify new and emerging security tools and practices for implementation
  • Familiarity and possibly experience programming in one or more languages
  • Analyze reported vulnerabilities to determine product impact; assist with customer communications about potential vulnerabilities
  • Support sales and marketing for communicating product security updates and vulnerability responses
  • Stay current with standards, regulations and guidance related to product cybersecurity (e.g., FDA Cybersecurity Pre- and Post-Market Guidelines)
  • Analyze system and software design for cybersecurity risk and hazard analysis
  • Monitor outsourced security assessments and penetration tests of products
  • Create and maintain threat models for new and existing products
  • Track security updates in open source software and other off the shelf components and advise program directors with product software update planning
  • Participation in ISAOs (Information Sharing and Analysis Organizations)
  • Field incoming vulnerabilities reported by white hat hackers
  • Awareness of regulatory/statutory compliance, e.g., PCI, GDPR, CCPA, ISO 27001, NIST 800-53, NIST 800-161, and other information security procedures and protocols (including FDA Pre- and Post-market Guidance on Cybersecurity for Medical Devices).
  • Ability to design, communicate, and implement compliance structures to enable the organization to effectively create applications that support regulatory and statutory compliance
  • Proactively support and engage to build an audit infrastructure in support of compliance
  • Be able to evaluate existing applications and processes to determine existing levels of compliance and recommend changes to applications.
  • Create, maintain, and review IT Security policies for regulatory and statutory compliance
  • Work with audit and other security/compliance organizations to ensure cross-team communication in support of compliance issues.
  • Coordinate IT implementation of compliance activities
  • Effective written and oral communication with multiple levels of leadership involving both the business and technical sides of the company.

Required/Preferred Education and Experience:

  • BS degree or equivalent in Computer Science, Electrical/Computer Engineering or related engineering or science discipline
  • 8 years of professional product development experience
  • 5 years of security experience, preferably with devices with embedded software
  • Certifications such as CISM, CISSP, Global Information Assurance Certification (GIAC) or CompTIA Security+ Certification
  • Knowledge of industry-specific legal and regulatory requirements (GDPR/HIPAA/CMS/PCI)
  • Background in risk management frameworks
  • Experience in applying OWASP Top 10 and other industry standard software hardening practices

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities will be reviewed periodically as duties and responsibilities change with business necessity. Essential and marginal job functions are subject to modification.

ZOLL Medical Corporation appreciates and values diversity. We are an Equal Opportunity Employer M/F/D/V.

ADA: The employer will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.