Product Security Risk Analyst (m/w/d)

We are currently looking for a Product Security Risk Analyst for an exciting project in Berlin.

Your tasks in detail:
+ "secure by design" medical devices are engineered by partnering with R&D teams to conduct product cybersecurity risk assessments focused on medical devices, systems, and services.
+ Maintain up-to-date knowledge of the global cybersecurity landscape, particularly in regards to hemodialysis and peritoneal dialysis and related products and personal health information including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
+ Assess the risk of new and current medical devices, treatment services, and digital solutions (Cloud-based services, Mobile Applications, IoT Services, etc.).
+ Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/ from/ through FMC’s medical devices, treatment services, and in databases and other data repositories developed by GRD.
+ Participate in security software code reviews.
+ Support the design and execution of vulnerability assessments, penetration tests and security audits.
+ Perform regular security awareness training to ensure consistently high levels of compliance with security policy.
+ Aligning and collaborating with fellow FMC security professionals (CSIO, Protection/Security Law, etc.).
+ Analyzes and assesses vulnerabilities in hemodialysis and peritoneal dialysis medical device products and related services, investigate/implement security controls to remedy the detected vulnerabilities,
+ Tests for compliance with security policies and procedures.

Must:
+ Cyber Security Engineer
+ Regulated Environment Experience
+ Embedded Devices
+ Network Devices
+ English

+ 5 - 10 years related engineering experience in cybersecurity
+ Strong secure design/development best practice knowledge
+ Industry certifications preferred
o CISA/CISM
o CSSLP a huge plus
o CISSP
o Certificate of Cloud Security Knowledge
o Security+
o OSCP
o CEH
+ Knowledge of Microsoft Security Development Lifecycle including Threat modeling, vulnerability analysis, and secure coding practices will be a plus
+ Expertise with the Microsoft Threat Modeling Tool and custom template building a huge plus
+ Knowledge of Static code analysis and usage of tools like Fortify SCA and Klocwork a plus
+ Knowledge of fuzzing concepts and tools a plus
+ Management level • Certified Information Security Manager (CISM) - Preferred
+ Knowledge of ISO/IEC 62443 4-1, 4-2 a huge plus
+ Knowledge and understating of Medical Device Regulation, Quality, and Design Controls (ISO 13485, ISO14971, FDA 21 CFR 820.30) Preferred.
+ Knowledge of a cybersecurity framework a plus (Ex. NIST SP 800, ISO 27000, NIST CSF)
+ Communication and presentation skills both across technical and non-technical audiences, both written and in-person.
+ Ability to partner with a diverse set of global groups
+ Strong Communication and Documentation skills.
+ Competent mentoring and coaching skills.
+ Open to learning designs of medical devices.

Konnten wir Ihr Interesse wecken? Dann freuen wir uns auf die Zusendung Ihres aussagekräftigen Qualifikationsprofils unter Angabe Ihrer Stundensatzvorstellung.