Cybersecurity Software Development Engineer
We are looking for a Cybersecurity Software Development Engineer to join our team.
- Develops software security strategies compliant with medical device regulations
- Supports SW development teams in the creation of Digitec Platform cybersecurity threat model based upon software system design
- Leads SW development teams in the creation of cybersecurity vulnerability assessments and specify risk controls
- Supports teams in the creation of documentation of cybersecurity risk management
- Keeps abreast of state-of-the-art cybersecurity practices and latest standards and verification techniques
- Maintains regular, periodic vigilance of latest vulnerabilities in third-party software and works with Regulatory and Quality teams to action to patch or develop workarounds for new vulnerabilities posing an unacceptable risk
- Performs regular periodic product security testing
- Performs vulnerability scans on Digitec Platform before production release
- Assists SW development teams in penetration testing
- Participates in design review, code reviews and inspections of actual code base to ensure proper implementation of security control measures and defensive coding practices.
- Maintains Software of Unknown Provenience (SOUP) and Cybersecurity Management documents up to date
- Maintains MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) up to date
- Bachelor in software engineering or Cybersecurity required (a degree in another Engineering or Scientific discipline may be acceptable with proven software education and/or training and demonstrated software experience.)
- Required 1+ years overall of related software engineering experience in development and/or verification or a four-year degree and internship experience.
Nice to have:
- Knowledge of cybersecurity standards for medical devices (IEC 81001-5-1 and IEC/TR 60601-4-5) is highly desirable
- Certification or training in software security is highly desirable
- 1+ years experience of software development in C, C++, or C# is highly desirable
- Experience performing risk assessments is desirable (in accordance with ISO 14971)
- Significant course work or at least 1 year of direct experience in the cybersecurity field is desirable
- Knowledge (at least basic level) of DevOps solutions for testing automation and CI/CD methods, preferably with practical experience is desirable
What we offer:
- Possibility to learn and become more and more autonomous through an initial induction path and continuous training on the job, working side by side with senior colleagues
- Stimulating and constantly evolving context
- Training to increase technical and soft skills
- Excellent business climate that allows you to work peacefully giving your best
- Flexible working hours and smart working
- Changing rooms and showers in Company Building that allow athletes to train during their lunch break.