MediView is building the future of surgical guidance and navigation with Augmented Reality (AR) and Artificial Intelligence (AI). The Cybersecurity Product Engineer will lead efforts to evaluate and design product security, protect and monitor the company’s digital assets, designing and maintaining systems to prevent unauthorized access and data breaches. Responsibilities include analyzing network vulnerabilities, developing and implementing security solutions, and ensuring adherence to strong security policies. This role requires collaboration with leadership to promote awareness of cybersecurity practices and with other departments to address emerging threats. The engineer will also work closely with quality and regulatory teams to align policies with medical device security standards.

DUTIES AND RESPONSIBILITIES:

• Lead cybersecurity activities related to product design/configuration and IT infrastructure.
• Generate threat models and vulnerability assessments as part of the product design and maintenance processes.
• Oversee hospital IT product security relationships, including security questionnaires and review activities.
• Author and maintain company SOPs regarding cybersecurity in the design process and IT infrastructure.
• Define, implement, and enforce corporate security policies and best practices with existing or new tools
• Create solutions for pre-existing and/or new security issues
• Determine the appropriate security risk controls to reduce security risks
• Implement high-tech solutions to defend against hacking, malware and ransomware, insider threats and all types of cybercrime.
• Oversee any changes in facilities, software, hardware, user needs and telecommunications
• Promptly respond to data security crises and documenting effectively
• Conduct network maintenance
• Provide information assurance
• Test these safety measures' execution frequently ensures that the system runs safely and sound.
• Assist in the development of standard cost estimates and establish standard cost.
• Ability to work cross-functionally in a team environment.
• Ability to work flexible hours.
• Ability to work in a regulated environment (FDA, ISO, OSHA).
• Perform all other duties as assigned.

QUALIFICATIONS:

• Bachelor's degree in engineering or cybersecurity preferred.
• Professional certification such as CISSP is highly preferred but not required.
• Knowledgeable in medical industry related cybersecurity standards and procedures, including AAMI SW96, AAMI TIR57, AAMI TIR97.
• Experience performing threat modeling, vulnerability assessment, and security risk assessment.
• Technically knowledgeable of Good Cyber Security Practices relating to computer networks and systems
• Intrusion detection/prevention protocols
• Security testing methodologies like penetration testing
• Encryption, cryptography and application security technologies
• Experience with operating systems, code development and networking
• Secure network architecture
• TCP/IP, user datagram protocol (UDP), IP security (IPSec), HTTP, HTTPS, routing protocols and other network and web-related protocols
• Knowledge of MRP/ERP is preferred
• Firewall installation
• Incident response
• Knowledge of computer networks and network solutions
• Identity and access management
• Windows, Linux and UNIX operating systems
• Virtualization technologies
• Subnetting
• Domain name server (DNS)
• Familiar with management and oversight of Microsoft O365 environment
• Network routing methods like virtual private networks (VPNs), virtual LANs (VLANs) and voice over IP (VoIP)
• Phishing, advanced persistent threats (APT) and social engineering
• Network access controllers (NAC)
• Gateway anti-malware
• Enhanced authentication
• Must be able to lift approximately 50-75 lbs. occasionally.