The Job Responsibilities
Lead architecture and design reviews to identify cybersecurity risks in new and existing products/systems, lead threat modeling activities, and prioritize remediation work. Review and triage results coming from existing controls (e.g. bug reviews, third-party analysis). Gather engineering teams to develop solutions on how to best address individual vulnerabilities. Coordinate with the Product Security Manager and cross-functional teams to get needed improvements included in the next available release. Lead cybersecurity training events for the engineering organization. Drive compliance with corporate cybersecurity policies as well as all external regulatory agencies.
- Lead product threat modeling and assessment activities, leading to a Common Vulnerability Scoring System (CVSS) score. Work with the Risk Assessment organization to assess the system risk of items identified during threat modeling, creating system hazard requirements as required per process based on this assessment activity.
- Responsible for Draeger compliance with the latest DoD Security Technical Implementation Guides (STIGs) via monthly Nessus vulnerability scanning to maintain DoD RMF certification for Draeger RMF-qualified products. Design, develop, test, and maintain penetration, fuzz, and other vulnerability testing tools for the purpose of evaluating the cybersecurity readiness of Draeger products.
- Responsible for creating, updating, and posting Manufacturer Disclosure Statements for Medical Device Security (MDS2) and other required customer facing documents as required per Draeger cybersecurity processes.
- Responsible for the periodic per-process review of the Software Bill of Materials (SBOM), looking for newer versions of listed software items that need to be evaluated for cybersecurity vulnerability fixes and scored using the CVSS method. All results shall be documented per process and will be used as input to system risk analysis.
- Responsible for creating, releasing, and publishing Cybersecurity Advisories to Draeger's customer-facing website to meet required regulatory agency disclosure rules and internal Draeger cybersecurity processes.
- Participate in post market release team reviews of cybersecurity field complaints, providing guidance on severity and probability scoring for each identified vulnerability, setting priority order on items that need to be fixed/resolved.
- Create and release all cybersecurity program documents required by Draeger process. These documents will be stored in the design history file of the product as proof of compliance with process.
- Perform other duties as needed and assigned.
BS Cybersecurity, Computer Science or other technically related field; MS Cybersecurity or Computer Science preferred.
- 5-10 years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
- Experience using the Microsoft Threat Modeling Tool
- Working knowledge of DoD STIGs
Special Competencies or Certifications:
- Excellent attention to detail, quality, and customer satisfaction.
- Strong analytical, organizational, and technical writing skills.
- Proficient in network scanning tools (Nessus)
- Prototyping ability: the skill to quickly solve a problem and demonstrate feasibility with little notice
- Certified Ethical Hacker
- CompTIA Security+
- CISSP: Certified Information Systems Security Professional
- Windows, UNIX and Linux operating systems knowledge
- SANS GIAC Security Essentials
- CISA: Certified Information Systems Auditor
- CISSP-ISSMP: Information Systems Security Management Professional
- Working knowledge of ISO 14971
- Practices and methods of IT strategy, enterprise architecture and security architecture
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
- ISO 27001 & 27002, NIST Cybersecurity framework
- PCI, HIPAA, NIST, GLBA and SOX compliance assessments
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- TCP/IP, computer networking, routing and switching
- Network security architecture development and definition
The Dräger Workplace
In North America, Draeger employs over 1,400 people working in our major sites in the United States and Canada (in the US: Andover, MA; Telford, PA; Houston / Coppell, TX; and in Canada: Mississauga, ON), including our Sales and Service workforce from coast to coast.
The design, development and manufacturing of Draeger’s Patient Monitoring product line takes place in our Andover, Massachusetts location.
Equal Opportunity Employer – Disability and Veteran
*This is an onsite & offsite hybrid position
Who we are
Draeger is a leading international company in the fields of medical and safety technology. Whether in clinical applications, in industry, mining or emergency services: Draeger products protect, support and save lives. That's what our more than 15,000 employees have been striving for - every day for more than 130 years. Dräger - Technology for Life ®
What we offer
Additional/Voluntary Insurance; Education & Training; Health center and gym; Health Insurance; Retirement Savings; Special Assistance; Time Away; Workplace Wellness