Cybersecurity Engineer (Medical Device Project – Class II) Part-Time IRC269112

職種概要

We are developing an innovative medical application classified as a Class II medical device. This project involves a secure, single-application KIOSK mode application running on a Linux tablet, and a complementary Angular web application with a cloud-based backend.

Job Summary:
We are seeking a highly skilled and experienced Part-Time Security Engineer(e.g., 15-25 hours/week). The ideal candidate will have a strong background in cybersecurity, specifically within the medical device sector, and a deep understanding of securing Linux-based systems, web applications, cloud environments, and sensitive healthcare data. You will be responsible for reviewing the solution and ensuring strict adherence to FDA, HIPAA, and other relevant medical cybersecurity standards for Class II devices; proposing security improvements; and the security-related documentation on the project. #LI-OK4

必要条件

Required Skills & Experience:

• 3+ years of experience in cybersecurity, with at least 1-2 years specifically in medical device security or highly regulated industries.
• Proven expertise in Linux operating system security and hardening, especially for embedded or kiosk mode environments.
• In-depth knowledge and practical experience with TPM 2.0 features (e.g., secure boot, measured boot, remote attestation).
• Experience with data encryption at rest and in transit, including database encryption and network communication (TLS/SSL, VPNs).
• Strong understanding of web application security (OWASP Top 10), particularly with Angular applications.
• Hands-on experience with OAuth 2.0 and Two-Factor Authentication (2FA) implementation and best practices.
• Experience securing cloud environments, preferably AWS, including services like IAM, Lambda, S3, RDS, VPC, and security groups.
• Proficiency in security tools for static analysis (SAST), dynamic analysis (DAST), vulnerability scanning, and penetration testing.
• Solid understanding of cryptographic principles, secure key management, and secure random number generation.
• Mandatory experience with FDA cybersecurity guidance for medical devices (e.g., premarket submissions, postmarket management).
• Expertise in HIPAA Security Rule compliance.
• Excellent written and verbal communication skills, with the ability to articulate complex security concepts to technical and non-technical stakeholders.

Optional Qualifications:

• Familiarity with PACS server communication and DICOM security considerations.
• Relevant security certifications (e.g., CISSP, CSSLP, CEH, AWS Security Specialty).
• Experience with security aspects of real-time operating systems (RTOS) if applicable.
• Knowledge of common industry standards like ISO 27001, NIST Cybersecurity Framework, and IEC 62304.
• Experience with continuous integration/continuous delivery (CI/CD) pipelines and integrating security into DevOps workflows (DevSecOps).

職務内容

• Security Architecture & Design:
Contribute to the secure design and architecture assessment of the Linux tablet application (Kiosk mode), including secure boot, Trusted Platform Module (TPM 2.0) integration, and data at rest encryption, secure communication protocols, including PACS server integration (DICOM security).
Advise on the secure implementation of the localhost web server within the tablet application.
Collaborate on the security architecture of the Angular web application, focusing on robust OAuth 2.0 with 2FA implementation.
Ensure the AWS backend infrastructure and encrypted databases are architected with security best practices (e.g., IAM, VPC, security groups).

• Static & Dynamic Analysis:
Oversee static code analysis (SAST) and dynamic application security testing (DAST) for both the Linux and Angular applications.
Conduct vulnerability assessments, penetration testing, and fuzzing to identify and address security weaknesses.

• Compliance & Standards Adherence:
Ensure all application components and processes comply with FDA cybersecurity guidance for medical devices (Class II).
Guarantee full adherence to HIPAA Security Rule for the protection of Protected Health Information (PHI).
Implement controls aligning with other relevant medical device cybersecurity standards (e.g., IEC 62304 for software lifecycle, NIST Cybersecurity Framework, ISO 27001 where applicable).Maintain thorough security documentation for regulatory submissions and audits.

• Threat Modeling & Risk Management:
Participate in threat modeling exercises (e.g., STRIDE) for new and existing features.
Contribute to the ongoing security risk management process throughout the software development lifecycle.

• Secure Development Practices:
Advise development teams on secure coding practices (e.g., OWASP Top 10 for web applications) and cryptographic best practices (e.g., AES key generation and management).

• Incident Response & Monitoring:
Contribute to the development of security incident response plans specific to the medical device context.
Advise on security monitoring and logging strategies.

私たちが提供するもの

Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. 

Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally.

Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today.

Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way!

High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do.

GlobalLogicについて

GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.