Embedded Systems Security Architect

Location: Remote, MA

Resuscitation

ZOLL Medical is a growing, innovation-driven company on the forefront of delivering medical devices to save lives, and software solutions to improve efficiency. With customers in more than 140 countries, we continue to expand our reach, as well as our product offerings. Hospitals, emergency medical services (EMS), and others trust us to provide high-quality products and exceptional customer service. ZOLL products are used every day across the globe to save the lives of people who suffer sudden cardiac arrest. From Real CPR Help® technology—an industry first—to the world’s only wearable defibrillator, our capabilities and features set us apart. But none of this would be possible without the motivation and dedication of ZOLL employees, and we’re invested in their success.

We offer competitive salaries and a comprehensive benefits package. Join our team. It’s a great time to be a part of ZOLL!

Description

The ZOLL Cyber Product Security Team is hiring an Embedded Security Architect to operationalize a robust cybersecurity program focusing on medical devices for the IoT edge. This role will report to the Product Security Lead and provide support for all areas of product cybersecurity, including secure-by-design strategies, implementation, verification, training, and product incident response.

  • Implements product cybersecurity program
  • Advise product development teams regarding the implementation of cybersecurity controls, the design of security-related features, and the delivery of cybersecurity regulatory requirements.
  • Assist with security testing of products, including internal testing and working with third-party security assessment and pen testing companies.
  • Ability to contribute at different levels of IoT security discussions including microcontrollers, multiprocessor embedded systems, IoT Cloud Architectures and SaaS applications
  • Maintains and reviews policies related to the secure development of products
  • Key contributor to PSIRTs and vulnerability triage
  • Assist development teams in securing development systems and implementing DevSecOps principles
  • Collaborate with developers and infrastructure teams to triage and remediate vulnerabilities
  • Responds to product security questions from sales and regulatory agencies
  • Support sales and marketing for communicating product security updates and vulnerability responses and sales enablement for cybersecurity
  • Identify new and emerging security tools and practices for implementation
  • Participation in ISAOs (Information Sharing and Analysis Organizations) and H-ISAC
  • To fulfill this role, a regular cadence of study in cybersecurity and attendance at conferences is required
  • Hacker mentality a must

Required/Preferred Education and Experience:

  • BS degree or equivalent in Computer Science, Electrical/Computer Engineering or related engineering or science discipline
  • 5-10+ years of product development experience, preferably including the development of medical devices
  • 5-10+ years of embedded systems experience
  • 5-10+ years of product security experience
  • Experience developing hardware, firmware, and programming in at least one language and one RTOS, preferably in a safety critical environment
  • Experience with embedded Linux, preferably on ARM based architectures
  • Experience integrating security tools into the embedded development pipeline
  • Experience in applying OWASP SAMM or other security focused software development framework to an IoT development program
  • Experience using and training others in use of the Common Vulnerability Scoring System (CVSS)
  • Knowledge of device identity and provisioning at scale
  • Effective written and oral communication on the technical aspects of embedded security with the target audience ranging from developers to FDA auditors
  • Knowledge of technology environments, including embedded systems and cloud-based applications and cloud service architectures (AWS, Azure, etc.)
  • Knowledge of industry-specific cybersecurity frameworks and regulatory requirements such as FDA Pre- and Post-market Guidance on Cybersecurity for Medical Devices, TIR57, IEC62304, and the NIST Cybersecurity Framework
  • Familiarity with SAST, DAST, IAST, OSS, fuzzing and threat modeling tools.

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities will be reviewed periodically as duties and responsibilities change with business necessity.  Essential and marginal job functions are subject to modification.

ZOLL Medical Corporation appreciates and values diversity.  We are an Equal Opportunity Employer M/F/D/V. 

ADA: The employer will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.