Cybersecurity Specialist
Planet Pharma, Lafayette, CO, United States
Job Description
'The main issue was we needed someone who thinks like an engineer and willing to focus on secure product design, documentation, and maintaining the security of the devices. I think we end up with a lot of security IT people who are used to monitoring network infrastructure and things like that vs. thinking about building a product with secure features.'
HM's Top Need: Background in security (education and/or certifications) Willingness to create and maintain documentation Excellent communication skills and willingness to work with less technical team members to understand security concepts Education Required: Bachelors Years' Experience Required: 2
Location: Lafayette, Colorado - 4 days in office per week.
Education Required: Bachelor's degree related to computer science or cybersecurity
Years' Experience Required: 2 or more
Title : Cybersecurity Specialist
Job Description :
The Acute Care & Monitoring group develops products that are designed to collect patient information from around the hospital and ensure that caregivers can make the right decisions at the right time. We strive to improve patient outcomes by ensuring that when a problem emerges at the bedside, caregivers are aware of it and can respond quickly. We analyze and learn from patient data to find better ways to provide quality care for patients. Our products are deployed in care facilities across the globe and help to save and improve lives every day. A career here is like no other. We're purposeful. We're committed. And we're driven by our Mission to alleviate pain, restore health and extend life for millions of people worldwide.
This position is primarily responsible for supporting pre-market project teams in building security deliverables. You will work with R&D teams to help them understand how to build products securely by design and how to maintain their security for their product lifetime.
Top 3 Tasks or Responsibilities in scope for this role: Working with medical device product teams to build security deliverables and documentation Building and updating SBOMs Building threat models for medical devices Top 3 things the manager is looking for in a candidate:
Experience with threat modeling Experience with SBOMs (Software Bill of Materials) Experience with CVSS scoring
Travel : N/A
Position Responsibilities :
-Build threat models for products and assess threats for risk and possible mitigations
- Build SBOMs for products and review their accuracy
- Review and interpret CVEs for impact on products
- Review and interpret penetration testing results
- Work with technical experts and product owners to measure risk associated with vulnerabilities
- Document risk assessments
- Recommend mitigations for security risks
Minimum Qualifications :
-
Bachelor's degree
in computer engineering, software engineering, cybersecurity, computer science, or related field
- 2 years of experience in a cybersecurity-related role
- Experience with networking concepts
- Effective communication both verbally and in written form
- Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
- Experience with vulnerability monitoring tools such as Dependency-Track
- Experience with using the NVD
- Familiarity with the CycloneDX SBOM specification
- Experience with CVE interpretation
- Experience with CWE interpretation
- Experience with CVSS scoring methodology
- Experience explaining technical concepts to non-technical individuals
- Familiarity with FDA Pre and Post-market guidance
- Familiarity with the OWASP Top 10
- Familiarity with standards such as IEC 81001-5-1 and IEC 62304
Equal Opportunity Employer: We are proud to be an equal opportunity employer. We welcome and encourage applications from all qualified candidates regardless of race, sex, gender identity or expression, disability, age, religion or belief, sexual orientation, or any other characteristic protected by applicable laws and regulations. It is our policy not to discriminate against any applicant or employee, and we are committed to fostering a diverse, inclusive, and respectful work environment across all locations in which we operate. We believe that diversity, equity, and inclusion are fundamental to our mission and enhance our ability to serve clients globally. If you have a disability or require any reasonable accommodations during the application or interview process, please inform your recruiter or contact us directly so that we can explore the appropriate arrangements.
Fraud Alert: Candidate safety is a top priority at Planet Pharma. The industry has seen an increase in people falsely representing themselves as recruiters to gather personal information from job seekers. For your safety, do not provide sensitive data to anyone you have not spoken with thoroughly, never provide banking information during the application process and always double check the email address of the Recruiter to ensure it's from an official Planet Pharma domain (@planet-pharma.com, @planet-pharma.co.uk, and @ppgadvisorypartners.com) and not a domain with an alternative extension like .net, .org or .jobs.
'The main issue was we needed someone who thinks like an engineer and willing to focus on secure product design, documentation, and maintaining the security of the devices. I think we end up with a lot of security IT people who are used to monitoring network infrastructure and things like that vs. thinking about building a product with secure features.'
HM's Top Need: Background in security (education and/or certifications) Willingness to create and maintain documentation Excellent communication skills and willingness to work with less technical team members to understand security concepts Education Required: Bachelors Years' Experience Required: 2
Location: Lafayette, Colorado - 4 days in office per week.
Education Required: Bachelor's degree related to computer science or cybersecurity
Years' Experience Required: 2 or more
Title : Cybersecurity Specialist
Job Description :
The Acute Care & Monitoring group develops products that are designed to collect patient information from around the hospital and ensure that caregivers can make the right decisions at the right time. We strive to improve patient outcomes by ensuring that when a problem emerges at the bedside, caregivers are aware of it and can respond quickly. We analyze and learn from patient data to find better ways to provide quality care for patients. Our products are deployed in care facilities across the globe and help to save and improve lives every day. A career here is like no other. We're purposeful. We're committed. And we're driven by our Mission to alleviate pain, restore health and extend life for millions of people worldwide.
This position is primarily responsible for supporting pre-market project teams in building security deliverables. You will work with R&D teams to help them understand how to build products securely by design and how to maintain their security for their product lifetime.
Top 3 Tasks or Responsibilities in scope for this role: Working with medical device product teams to build security deliverables and documentation Building and updating SBOMs Building threat models for medical devices Top 3 things the manager is looking for in a candidate:
Experience with threat modeling Experience with SBOMs (Software Bill of Materials) Experience with CVSS scoring
Travel : N/A
Position Responsibilities :
-Build threat models for products and assess threats for risk and possible mitigations
- Build SBOMs for products and review their accuracy
- Review and interpret CVEs for impact on products
- Review and interpret penetration testing results
- Work with technical experts and product owners to measure risk associated with vulnerabilities
- Document risk assessments
- Recommend mitigations for security risks
Minimum Qualifications :
-
Bachelor's degree
in computer engineering, software engineering, cybersecurity, computer science, or related field
- 2 years of experience in a cybersecurity-related role
- Experience with networking concepts
- Effective communication both verbally and in written form
- Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
- Experience with vulnerability monitoring tools such as Dependency-Track
- Experience with using the NVD
- Familiarity with the CycloneDX SBOM specification
- Experience with CVE interpretation
- Experience with CWE interpretation
- Experience with CVSS scoring methodology
- Experience explaining technical concepts to non-technical individuals
- Familiarity with FDA Pre and Post-market guidance
- Familiarity with the OWASP Top 10
- Familiarity with standards such as IEC 81001-5-1 and IEC 62304
Equal Opportunity Employer: We are proud to be an equal opportunity employer. We welcome and encourage applications from all qualified candidates regardless of race, sex, gender identity or expression, disability, age, religion or belief, sexual orientation, or any other characteristic protected by applicable laws and regulations. It is our policy not to discriminate against any applicant or employee, and we are committed to fostering a diverse, inclusive, and respectful work environment across all locations in which we operate. We believe that diversity, equity, and inclusion are fundamental to our mission and enhance our ability to serve clients globally. If you have a disability or require any reasonable accommodations during the application or interview process, please inform your recruiter or contact us directly so that we can explore the appropriate arrangements.
Fraud Alert: Candidate safety is a top priority at Planet Pharma. The industry has seen an increase in people falsely representing themselves as recruiters to gather personal information from job seekers. For your safety, do not provide sensitive data to anyone you have not spoken with thoroughly, never provide banking information during the application process and always double check the email address of the Recruiter to ensure it's from an official Planet Pharma domain (@planet-pharma.com, @planet-pharma.co.uk, and @ppgadvisorypartners.com) and not a domain with an alternative extension like .net, .org or .jobs.