Cybersecurity Engineer (QUAD) - Hybrid Remote

Job Expired

About the job

Grow your career at Cedars-Sinai!

QUAD is a business unit of Technology Ventures at Cedars-Sinai and a registered medical device manufacturer. The Cedars-Sinai Cardiac Suite (thecardiacsuite.com) has led the field of quantitative nuclear cardiology for over 25 years and remains the preeminent software solution for cardiac molecular imaging. Over the past year QUAD has substantially expanded its team and is preparing to release new products, implement new deployment models, and comply with new regulations worldwide—all of which will benefit from the experience of an analytical, meticulous Cybersecurity Engineer.

Why work here?

Cedars-Sinai Medical Center has been ranked the #1 hospital in California and #2 hospital in the nation by U.S. News & World Report, 2022‑23. Beyond an outstanding benefit package and competitive salaries, we take pride in hiring the best, most committed employees. Our staff reflects the culturally and ethnically diverse community we serve. They are proof of our dedication to creating a multifaceted, inclusive environment that fuels innovation and the gold standard of patient care we strive for.

What Will You Be Doing In This Role

The Cybersecurity Engineer owns the security aspects of software development for the Quantitative Diagnostic (QUAD) Software Group at Cedars-Sinai. The Cybersecurity Engineer is an integral part of the software engineering team, focused on improving the security and resilience of QUAD products for our partners and customers. Under the supervision of the Manager, Software Engineering, this critical position ensures that our products implement the latest security best practices. As part of a small development team, the Cybersecurity Engineer enjoys significant autonomy in tailoring solutions that meet cybersecurity requirements, including their regulatory components as mandated by the latest FDA and IEC standards and guidances for medical devices.

Works within the engineering team to review cybersecurity needs throughout QUAD’s software offering, such as password encryption/hashing, network traffic encryption, key/certificate management, etc.
Regularly monitors vulnerability databases for exploits that may affect QUAD’s offering through third-party toolkits and APIs. Works with the software engineers to implement mitigations as appropriate.
Regularly monitors the results of static and dynamic code analysis tools and suggests product improvements and proactive mitigations.
Monitors changes to regulatory requirements as applicable to cybersecurity in collaboration with the QA/RA department. Assesses the impact of regulatory changes to product compliance.
Prepares periodic regulation-mandated cybersecurity reports as the subject matter expert. Works with the QA/RA department to provide audit support on cybersecurity matters.
Maintains the software bill of materials.
Responds to OEM/licensee queries on cybersecurity matters (e.g., impact assessment of vulnerabilities on specific licensee platforms/configurations, etc.)
Works with the DevOps team to increase infrastructure security by identifying gaps and implementing best practices.

Experience Requirements

Five (5)+ years of experience and increased responsibilities in application design, software development, or IT administration.
Three (3)+ years of experience in a cybersecurity engineering role (required).
Strong knowledge of common attack tools, concepts, and frameworks.
Experience with static and dynamic code analysis tools.
Working knowledge of vulnerability tracking sources and tools.
Demonstrated experience with certificate management fundamentals for networking and code-signing.
C++ programming experience (preferred).
Understanding of network and application protocols, especially those used in medical devices (HTTP, TLS, DICOM, HL7; preferred).
Experience with regulatory cybersecurity requirements and risk analysis (preferred; specifically, as they pertain to medical devices).