We’re hiring! If you want your contributions to make a real difference, check out this new career opportunity with us at Draeger where we are led by the guiding principle “Technology for Life”.

In this role you will:

• Review & triage results coming from existing controls (e.g. bug reviews, 3rd party analysis, etc.).
• Gather engineering teams to develop solutions on how to best address individual vulnerabilities.
• Coordinate with the Product Security Manager and Cross Functional Teams to get needed improvements included in next available release.
• Lead cybersecurity training events for engineering organization. Drive compliance to corporate cybersecurity policies as well as all external regulatory agencies.
• Lead product threat modeling and assessment activities, leading towards Common Vulnerability Scoring System (CVSS) score. Work with Risk Assessment organization to assess system risk of items identified during threat modeling, creating system hazard requirements as required per process based on this assessment activity.
• Responsible for Draeger compliance with latest DoD Security Technical Implementation Guide’s (STIG’s) via monthly Nessus vulnerability scanning to maintain DoD RMF certification for Draeger RMF qualified products. Design, develop, test, and maintain Penetration, Fuzz testing, and other vulnerability testing tools for the purpose of evaluating the cybersecurity readiness of Draeger products.
• Responsible for creating, updating, and posting Manufacturer Disclosure Statements for Medical Device Security (MDS2) and other required customer facing documents as required per Draeger cybersecurity processes.
• Responsible for the per process periodic Review Software Bill of Materials (SBOM), looking for newer versions of listed software items that need to be evaluated for cybersecurity vulnerability fixes and scored using the CVSS method. All results shall be documented per process and will be used as input to system risk analysis.
• Responsible for creating, releasing, and publishing Cybersecurity Advisories to Draeger customer facing web site to meet required regulatory agency disclosure rules and internal Draeger cybersecurity processes.
• Participate in post market release team reviews of cybersecurity field complaints, providing guidance on severity and probability scoring for each identified vulnerability, setting priority order on items that need to be fixed/resolved.
• Create and release all Draeger process required cybersecurity program documents. These documents will be stored in the design history file of the product as proof of compliance to process.
• Performs other duties as needed and assigned.

Education:

BS Cybersecurity, Computer Science or other technically related field; MS Cybersecurity or Computer Science preferred.

Related Experience:

• 5-10 years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
• 5 years of practical software development experience - C/C++/, Python, JavaScript
• Experience using the Microsoft Threat Modeling tool
• Working knowledge of DoD STIGs

Special Competencies or Certifications:

• Excellent attention to detail, quality, and customer satisfaction.
• Strong analytical, organizational, and technical writing skills.
• Proficient in network scanning tools - Nessus
• Prototyping ability – the skill to quickly solve a problem and demonstrate feasibility with little notice
• Certified Ethical Hacker
• CompTIA Security+
• CISSP: Certified Information Systems Security Professional
• Windows, UNIX and Linux operating systems knowledge
• SANS GIAC Security Essentials
• CISA: Certified Information Systems Auditor
• CISSP-ISSMP: Information Systems Security Management Professional
• Working knowledge of ISO 14971
• Practices and methods of IT strategy, enterprise architecture and security architecture
• Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
• ISO 27001 & 27002, NIST Cybersecurity framework
• PCI, HIPAA, NIST, GLBA and SOX compliance assessments
• Firewall and intrusion detection/prevention protocols
• Secure coding practices, ethical hacking and threat modeling
• TCP/IP, computer networking, routing and switching
• Network security architecture development and definition

This role is based out of our beautiful Andover, MA facility which offers many benefits including an onsite fitness center with yoga and fitness training classes, onsite game rooms, full-service café, free parking and more. Andover supports the design and assembly of our patient monitoring products.

Benefits
Dräger is responsible for life. The lives of our employees are especially important to us, therefore, Dräger believes in fostering a culture that places the focus on employee health & wellbeing, both in the office and at home. We offer a generous benefits package that includes, comprehensive medical, dental & vision coverage, paid time off starting at 4+ weeks per year, tuition reimbursement, 401k match, wellness and employee support programs, life insurance and more!

In North America, Draeger employees over 1,400 employees working in our major sites in the United States and Canada (in the US: Andover, MA; Telford, PA; Houston,TX and in Canada: Mississauga, ON), including our Sales and Service workforce employees from coast to coast.

Equal Opportunity Employer – Disability and Veteran

• This is an onsite & offsite hybrid position

Draeger is a leading international company in the fields of medical and safety technology. Whether in clinical applications, in industry, mining or emergency services: Draeger products protect, support and save lives. That's what our more than 15,000 employees have been striving for - every day for more than 130 years. Dräger - Technology for Life ®

• Company sports and prevention courses
• Professional development opportunities and coaching
• Contributions to (occupational) pension plans
• Flexible working time
• Health center and gym
• Health Insurance
• Retirement savings