One of the world’s leading Medical Technology company. Together with the customers, the company is driven to make healthcare better. The Company offers a diverse array of innovative medical technologies, including orthopaedics, medical, surgical, neurotechnology & spine products to help people lead more active and more satisfying lives.
Act as subject matter expert on VAPT and Security Testing for the respective divisions.
Perform attacks and identify vulnerabilities on interfaces (like USB, WiFi, Ethernet, Bluetooth etc.) as well as applications (Thick Client, Web and Mobile).
Responsible for understanding the overall technical capabilities of a product, typical deployment scenarios and be able to set up production equivalent infrastructure in the lab.
Partner with product teams to perform threat modeling and provide guidance on security requirements.
Help product teams to prioritize roadmap items in order to balance security and business risks.
Work closely with product teams in assessing the risks, mitigations and preparing responses to external organizations.
Evaluate application security tools for internal consumption.
Assist in the vulnerability management process including verifying identified vulnerabilities with product teams and tracking them through the vulnerability lifecycle.
Perform manual and automated security code review for complex Desktop, Web and Mobile applications to identify security flaws.
Leverage DevSecOps to embed security testing into all phases of SDLC to eliminate the repeated steps and drive efficiency.
Work with Infrastructure teams to maintain lab infrastructure (firewalls, servers and network appliances etc.).
Develop policy, procedure, and guidelines pertaining to Vulnerability Assessment and Penetration testing of Medical Devices (Embedded, Web and Mobile).
Own the queries related to process, timeline, and status of lab activities and corresponding testing activities being conducted.
Bachelor’s in Software/Electronics Engineering or equivalent degree.
Overall 12+ years of hands-on experience involving software and hardware platforms.
8+ years of experience in the field of security involving Thick Client, Web and Mobile applications.
2+ years of experience in testing interfaces like USB, WiFi, Ethernet, Bluetooth etc.
2+ years of experience in software development.
Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby or Python.
Understanding of Cloud based environments like Azure and AWS.
At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams.
Published white papers/ blogs on Security Research.
Excellent communication and interpersonal skills.
Thorough working knowledge of ethical hacking tools (e.g., Kali Linux, Nessus, Nmap, Burp Suite, Metasploit, Nessus)
Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls
Mobile Apps Code Review (iOS, Android) experience is desired
Vulnerability and Penetration Testing using tools like Kali, Nessus, Burpsuite, Qualys etc.