Cybersecurity Test Engineer II

Overview

The Cybersecurity Test Engineer II primary role is to identify and verify cybersecurity vulnerabilities and testing and verifying cybersecurity patches to be applied to Spacelabs Products. The Cybersecurity Test Engineer works as a key contributor to the Cybersecurity Team. Additionally this role participates in the Cybersecurity Team in responding to Sales Questionnaires.

Responsibilities

• Perform cybersecurity testing vulnerability and penetration testing under supervision.
• Documents targets, test plan, scenarios tested, findings, test evidence and recommendations in Cybersecurity test reports.
• Simulate tactics, techniques and procedures used by advanced cyber threat actors (i.e., “Hackers”).
• Leverage internal and external resources to research threats, vulnerabilities and intelligence on various attackers and attack infrastructure.
• Recognize and safely utilize attacker tools, tactics, and procedures
• Evaluates cybersecurity tools used in exploit development
• Provides assistance in security awareness and training activity
• Support Product Investigations for complaints and incidents
• Participates and sometimes leads the Sales Questionnaire Responses for cybersecurity.
• Participates as an active Cybersecurity team member in requirement reviews and team meetings.
• Analyze and review vulnerabilities and/or weaknesses identified by customer complaints.
• Participate in management technical reviews on test activities, scenarios, and results.
• Follows corporate standards and procedures
• Collaborates and shares knowledge with team members via formal and informal methods on a regular basis
• Provide regular assessment progress updates that include sufficient detail to convey work completed and upcoming activities
• Participates as an active Spacelab Cybersecurity team member in requirement reviews and team meetings
  
  

• Knowlege/experience and understanding of firmware, operating systems, applications, networks and network protocols, encryption algorithms, Access Control Models
• Knowledge/experience and understanding of Software and Hardware engineering, reverse engineering, web applications, databases, scripting,
• Some knowledge in Operating Systems (Linux, MS Windows) Databases (MS SQL, MySQL, Postgres), Application/Web Servers (Apache, IIS, Wildfly), Microsoft WSUS
• Some knowledge/experience in Networking, including switching, routing, firewalls and vulnerabilities
• Security Testing Tools such but not limited to - Tenable Nessus, Rapid7 InsightVM, Metasploit, BurpSuite, NetSparker, Wireshark)
• Must have the ability to handle many software exploits and take ownership for the assigned security assessments
• Must have the ability to take ownership for high complexity Security Assessments.
• Ability to operate Spacelabs Medical Devices and Solutions.
• Knowledge of Secure Coding and Development including OWASP Top 10 and MITRE/SANS Top 25
• Secure Software Development Life Cycle
• Security Frameworks (ISO 2700x, NIST Special Publications)
• Static Code Analysis
• Cloud Development and Cloud Security Testing
• Understand medical device regulations and quality system requirements
• Familiarity with some common attacks:
• Password Cracking
• Cross site request forgery
• Cross site scripting
• Improper Authorization
• Improper Authentication
• Privilege Escalation
  

• Passionate about Agile software processes, data-driven development, reliability, and experimentation
• Openness to working on a collaborative, cross-functional Agile solution team
  
  

• Self-motivated with strong problem-solving and learning skills
• Professional attitude and service orientation; team player
• Flexibility to changes in work direction as the project develops
• Good verbal and written communication and listening skills
• Ability to work well with others and under pressure
• Strong analytical and critical observation skills
  
  

• Team player that works collaboratively across Spacelabs.
• Passion for discovering and researching new vulnerabilities and exploitation techniques
• Strong work ethic; ability to work at an abstract level and gain consensus
• Able to build a sense of trust and rapport that creates a comfortable and effective workplace
• Attitude to thrive in a fast-paced environment
• Open minded to new approaches of learning
• Takes ownership and responsibility for data work