Software Engineer III (Cybersecurity Test Engineering, Post-Market Security)
Werfen · Bedford, MA · 1 wk ago
Engineering$110k–$140k/yrFull-time
Responsibilities
- Participates as active member of the project team focusing on analyzing penetration test results, assessing attack patterns and severity, and collaborating with Red or developers
- Provides actionable remediation guidance to mitigate identified cybersecurity defects and risks
- Manage and maintain vulnerability scanning tools, and secure test environments
- Conduct fuzz testing to uncover unknown vulnerabilities and escalate critical findings
- Reproduce and validate cybersecurity defects in controlled environments
- Evaluate, Investigate and resolve cybersecurity issues/ fixes reported by customers, ensuring effective and timely solutions
- Create/Maintain software requirement/functional specifications
- Create/Maintain software (component) design documentation
- Create/Maintain software source code that adheres to design documentation
- Perform unit testing and/or code reviews as per project policy
- Perform integration testing to ensure software functions within application and with devices
- Evaluate, investigate, and implement fixes to assigned software defects
- Evaluate, investigate, and implement assigned software change proposals
Qualifications
- Education: Associates Degree plus typically 4 to 10 years of related experience or Bachelor’s Degree plus typically 4 to 8 years of related experience or Master’s Degree plus typically 2 to 6 years of related experience or waiver based on experience. Degree should be in a technical discipline such as Chemistry, Math, Physics, Engineering, or Computer Science.
- Experience: Programming expertise in Python, Bash, C, or C++. Hands-on expertise in offensive and defensive security and penetration testing methodologies.
Skills & Capabilities
- Expertise in penetration testing tools (e.g., Nessus, Metasploit, Burp Suite) and fuzzing tools (e.g., Peach, AFL).
- Familiarity with secure software development lifecycles (SDLC).
- Familiarity with standards such as FDA, HIPAA, and ISO 13485.
- Strong technical writing skills for compliance, reporting, and regulatory submissions.
- Advanced knowledge in exploit chaining and vulnerability analysis.
- Industry-recognized certifications such as OSCP, CEH, GPEN, or equivalent.
- Experience with VMware ESXi and virtualized environments desirable.
- Strong knowledge of Linux systems.
- Experience in cybersecurity for medical devices or other highly regulated industries.
- Strong written and oral communications skills.
- Ability to use software engineering tools: configuration, requirements, and defect management.
- Ability to operate instrumentation.