Job Description
Harbor Labs is currently seeking candidates for the Medical Device Security analyst position. This position reports directly to the Director of Medical Security, supporting the company’s medical device security consulting practice. Duties include providing engineering related to the cybersecurity and cybersafety requirements of medical clients seeking regulatory or professional certifications, as well as maintaining an ongoing security awareness of client devices post engagement.
Typical Activities Include
Perform manual and automated firmware analysis on target devices
Perform pen tests, fuzzing and custom exploit attacks against client medical systems
Review deployment architectures, topologies and conops for compliance with regulatory security mandates
Produce security reports suitable for submission to regulatory bodies
Education
Preferred education level: Bachelor’s degree in Computer Science, Computer Engineering or related fields. Graduate degree is desirable.
Required Qualifications
3+ years of experience performing software or networking security analyses
2+ years of experience with exploitation tools, such as Kali Linux, Burp, Nmap, Wireshark, Nessus, Metasploit, Core Impact, and Cobalt Strike, WebInspect, AppDetective, Hailstorm, Aircracking, and Kismet
Familiarity with medical equipment, associated software and common deployment models.
Ability to clearly convey results in formal technical reports and deliver briefings to senior client staff
Strong technical communication and leadership skills to lead investigations with engineers of multiple disciplines
Ability to work well with internal technical staff and external customers and technology partners
Preferred Additional Qualifications
Knowledge of medical equipment cyber security principles and documentation
UL 2900-2-1 Requirements
MDS2
Patch validation
FDA OS patch regulations
FDA reporting
ICS-CERT reports
Knowledge of PHI handling and HIPAA requirements