Responsible for ensuring that Samsung Healthcare’s medical imaging devices are designed, developed and maintained to protect against cybersecurity threats throughout the product lifecycle.
Responsible for cybersecurity risk management, secure product development, DoD Risk Management Framework (RMF) compliance, vulnerability management and support of FDA and other global cybersecurity regulatory requirements.
Lead product cybersecurity incident response activities and coordinate technical escalations from customers, service teams and internal stakeholders.
Maintain and support Department of Defense Risk Management Framework (RMF) compliance, including Authorization to Operate (ATO) packages, security documentation, continuous monitoring activities and Plan of Action & Milestones (POAM) management.
Perform cybersecurity risk assessments, including asset identification, threat modeling, vulnerability analysis, and security control evaluation for medical devices.
Collaborate with R&D teams to integrate cybersecurity throughout the secure software development lifecycle (SSDLC) and ensure traceability between cybersecurity requirements, risks, mitigations, verification activities and design documentation.
Complete RFPs, RFQs, and security questionnaires during the sales process, and respond to customer cybersecurity inquiries.
Support cybersecurity verification and validation activities, including penetration testing, vulnerability assessments, security testing and remediation verification.
Coordinate vulnerability management activities including security advisories, CVE assessments, software bill of materials (SBOM) review, patch evaluation, remediation planning and security updates for all products.
Engage customers, government agencies, and other stakeholders to ensure compliance with cybersecurity requirements and define best practices.
Collaborate with sales and marketing to integrate cybersecurity as part of go-to-market strategy.
Stay current on applicable security laws, regulations and industry standards.
Maintain technical knowledge of Samsung Healthcare products and associated cybersecurity architecture.
Work independently with minimal supervision, and collaboratively as part of a cross functional team.
Effectively manage priorities while balancing technical, regulatory and business objectives.
Requirements
Bachelor's degree in Computer Science, Cybersecurity, Computer Engineering, Information Systems, or a related technical field.
5+ years of experience in a hands-on security engineering role
Experience with ANSI/AAMI TIR57, UL 2900, ISO 14971, IEC 62304, IEC 81001-5-1 and IEC/TR 80001-2-2.
Extensive knowledge of FDA medical device cybersecurity guidance, NIST cybersecurity frameworks, FIPS publications, and DoD RMF processes.
Experience securing network-connected medical devices, embedded systems, or regulated products preferred.
Experience with one or more of the following: Static and dynamic application security testing (SAST/DAST), SBOM generation and analysis.
Tech Stack
Cyber Security
Benefits
Medical (Blue Benefit Administrators): 5 PPO Plans ( with up to 95% employer contribution )
Dental (Blue Cross Blue Shield): 2 PPO Plans ( with up to 80% employer contribution )
Vision (Blue Cross Blue Shield): 100% company paid
Short/Long Term Disability, Life & AD&D (The Standard): 100% company paid
401k Retirement (Fidelity): 100% company match up to 5%
Tax Deferred Health Care Savings Programs
Accident Insurance, Critical Illness, Hospital Indemnity, Pet, Legal, ID Theft
Generous paid time off, tuition reimbursement, and more!