Company Description

MedSec is exclusively dedicated to the unique challenge of medical device and healthcare cybersecurity. MedSec partners with medical device manufacturers and healthcare delivery organizations to help address cybersecurity in medical devices throughout all stages of the device lifecycle. With medical device manufacturers, MedSec leverages its cybersecurity expertise, coupled with its intimate knowledge of the healthcare regulatory and operating environments to offer support in design, architecture, verification, penetration testing, risk assessments, regulatory filings, and execution of security best practices in the development of new medical devices as well legacy systems. With Healthcare Delivery Organizations MedSec leverages its intimate knowledge of medical devices to offer software solutions for cybersecurity and asset management of connected medical devices in hospitals. MedSec is an active participant in helping move the cybersecurity healthcare community forward and participates in a number of standards and best practice committees involved in furthering cybersecurity for medical products.


Overview

MedSec Penetration Testers work on security assessment projects, including custom embedded devices, desktop software applications, web applications, and mobile apps of customer products. Projects will involve both onsite (at customer premises) and office-based work, so the ability to travel is a must. Titles and compensation will be commensurate with experience.


Requirements

  • Excellent communication skills
  • Fluent in English
  • Familiarity with security assessment processes (vulnerability identification, documentation, impact analysis, and presentation)
  • Strong problem solving and analytical skills
  • Good understanding of embedded systems architecture concepts
  • Good understanding of systems-level concepts
  • Good understanding of cryptographic primitives
  • Basic reverse engineering skills
  • Code auditing skills
  • Familiarity with hardware and systems debugging techniques
  • Ability to write technical reports
  • Ability to travel up to 25% to customer premises

Experience

  • 10+ years as a security researcher and penetration tester with experience in multiple (not all required) areas:
    • Web application
    • Secure code review
    • Mobile application
    • Threat Modeling
    • Secure Architecture Design
    • Embedded
    • Cloud security

Also, any of the following (not strictly required) skills will be considered a plus:

  • A public record of discovered vulnerabilities.
  • Public technical writing and/or presentations on relevant subjects.