Product Security Specialist

US RI Remote, United States


Corporate

At ZOLL, we're passionate about improving patient outcomes and helping save lives. We provide innovative technologies that make a meaningful difference in people's lives. Our medical devices, software and related services are used worldwide to diagnose and treat patients suffering from serious cardiopulmonary and respiratory conditions.

ZOLL Medical does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need ZOLL immigration sponsorship (e.g. H1B, TN, STEM, OPT, etc.) either now or in the future.
 

Job Type
Remote

Job Summary
The ZOLL Global Security Program is seeking a Medical Device Software Security Specialist to join our Enterprise Product Security Team. The ideal candidate is a problem solver who will be responsible for working with product teams across ZOLL to ensure the security, privacy, and compliance of medical devices, patient data, and intellectual property through secure coding practices and modern security design. This role will assist medical device product teams with code/SAST reviews, implementation analysis, and CVE triage.

Essential Functions 

  • Assist in the implementation of the enterprise product cybersecurity program. 

  • Advise product development teams regarding the implementation of cybersecurity controls, the design of security-related features, and the delivery of cybersecurity regulatory requirements. 

  • Assist with SBOM management utilizing enterprise-wide tooling. 

  • Assist product teams with the development of processes and documentation to support regulatory submissions including cybersecurity risk assessments, security testing results, and mitigation strategies. 

  • Provide technical insight into threat modeling and risk assessments to guide product teams for new and existing ZOLL medical devices.

  • Assist with the intake and management of Coordinated Vulnerability Disclosures through closure and notification. 

  • Assist in the development and management of an SBOM request process including intake and distribution. 

  • Collaborate with R&D and engineering teams to integrate security into the design and development of medical devices.  

  • Provide guidance on secure coding practices, encryption, and access controls. 

  • Stay updated on regulatory requirements and industry best practices related to medical device security to include U.S. and OUS regulations.  

  • Stay updated on the latest security threats, trends, and technologies related to medical devices and disseminate this knowledge across the organization.  

  • Maintain and review policies and governance related to the secure development of products.

  • Respond to product security questions from sales and regulatory agencies.

  • Support sales and marketing for communicating product security updates and vulnerability responses.

  • Participate in ISAOs (Information Sharing and Analysis Organizations) and H-ISAC.

 
Required/Preferred Education and Experience 

  • Bachelor's degree (BS) or equivalent in Computer Science, Electrical/Computer Engineering, Cybersecurity, or related engineering or science discipline required.

  • 3 years’ experience in cybersecurity focused on medical devices or healthcare technology required. 

  • 3 years of software development life-cycle experience preferred.

  • Experience with Windows, Linux, and mobile (both native and hybrid) environments.

  • Experience developing or analyzing secure coding practices with technologies such as ASP.Net (C#), SQL Server, HTML, C++.

  • Certification in security such as CAP, Security+, CSSLP, or equivalent preferred but not required.

 
Knowledge, Skills, and Abilities 

  • Effective written and oral communication on the technical aspects of embedded security with the target audience ranging from developers to FDA auditors.

  • Develop and maintain technical and promotional material, like security white papers or MDS², for customer consumption and internal training.

  • Knowledge of industry-specific cybersecurity frameworks and regulatory requirements such as FDA Pre- and Post-market Guidance on Cybersecurity for Medical Devices, EU MDR, NMPA, TIR57, IEC 62304, IEC 81001-5-1:2021, and the NIST Cybersecurity Framework.

  • Familiarity with SAST, DAST, IAST, OSS, fuzzing and threat modeling tools.

  • Critical Thinking


Travel Requirements

  • 5-10% may be required


Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

  • Standing - Occasionally

  • Walking - Occasionally

  • Sitting - Constantly

  • Talking - Occasionally

  • Hearing - Occasionally

  • Repetitive Motions - Frequently


ZOLL is a fast-growing company that operates in more than 140 countries around the world. Our employees are inspired by a commitment to make a difference in patients' lives, and our culture values innovation, self-motivation and an entrepreneurial spirit. Join us in our efforts to improve outcomes for underserved patients suffering from critical cardiopulmonary conditions and help save more lives.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.


Regions: Remote/Anywhere North America
Country: United States
