Jobs · Engineering · California

Sr. Cybersecurity Specialist II - Aliso Viejo, CA

Glaukos Corporation · Aliso Viejo, CA · 1 wk ago
EngineeringFull-time

How You’ll Get There

  • Demonstrated depth in at least one or more of the domains outlined above, with 8+ years of experience in cybersecurity engineering.
  • Direct experience in a regulated industry such as medical devices, life sciences, healthcare technology, or a similarly regulated environment.
  • Proven ability to engineer, operate, and mature cybersecurity controls within your domain(s) of ownership, including metrics, documentation, and audit-readiness.
  • Working knowledge of applicable frameworks and standards including NIST CSF, IEC 62443, IEC 62304, FDA cybersecurity guidance, HIPAA, SOC2, and ISO 27001.
  • Experience supporting regulatory inspections, internal audits, or customer security assessments as a credible technical representative.
  • Demonstrated ability to work cross-functionally and collaborate effectively with Engineering, Quality, Regulatory, and IT stakeholders.
  • Track record of delivering sustained results through scalable processes, clear metrics, and well-maintained documentation.
  • Relevant certifications preferred, aligned to your domain(s): CISSP, CISM, GICSP, GCIH, CCSP, CIPP, or equivalent.
  • Bachelor's degree in Cybersecurity, Computer Science, Engineering, Biomedical Engineering, or a related field; equivalent experience considered.

What You’ll Do

  • Lead third-party and supplier cybersecurity assessments integrated into the procurement lifecycle.
  • Govern Software Bill of Materials (SBOM) accuracy, update cadence, and traceability from component to product.
  • Track and remediate supply chain vulnerabilities through coordinated processes with Engineering and suppliers.
  • Develop and maintain supply chain security standards, questionnaires, and contractual security requirements.
  • Own and operate the enterprise vulnerability management program, including scanning cadence, triage, prioritization, and SLA tracking.
  • Manage patch tracking and exception handling processes, including compensating controls and escalation of overdue items.
  • Carefully manage vulnerability disclosure (CVD) processes and customer notification workflows in partnership with product security and regulatory teams.
  • Maintain dashboards and metrics to communicate vulnerability posture to leadership.
  • Play a key role in the design of network security architecture including firewalls, segmentation, zero trust principles, and secure remote access.
  • Conduct network traffic analysis and manage intrusion detection/prevention systems (IDS/IPS).
  • Confirm/audit the hardening of network infrastructure supporting both corporate IT and device-connected environments.
  • Partner with IT and engineering on secure network design for manufacturing-support and product-connected systems.
  • Audit cloud security controls across IaaS, PaaS, and SaaS platforms (AWS, Azure, GCP, and applicable SaaS tools).
  • Perform cloud security posture management (CSPM), identity hygiene reviews, and misconfiguration remediation.
  • Develop and enforce cloud security standards, guardrails, and architecture review processes.
  • Ensure cloud-hosted workloads supporting medical devices and manufacturing meet applicable regulatory and security requirements.
  • Support and mature Security Operations Center (SOC) capabilities, including alert triage, use case development, and SIEM/SOAR tuning.
  • Manage security monitoring for device-supporting environments, including backup, restore, and attestation activities.
  • Manage a 3rd party MSSP/MXDR that provides detection logic, playbooks, and runbooks to improve response fidelity and speed.
  • Provide KPIs and operational reporting for security operations activities to the CISO and stakeholders.
  • Lead and coordinate cybersecurity incident response activities, including containment, eradication, recovery, and post-incident reviews.
  • Maintain and test the incident response plan (IRP), including tabletop exercises and scenario-based drills.
  • Serve as a technical escalation point for security incidents impacting corporate, OT, and product environments.
  • Coordinate with Legal, Regulatory Affairs, and Communications teams on disclosure obligations and customer notification.
  • Own and mature IAM controls including role-based access control (RBAC), privileged access management (PAM), and multi-factor authentication (MFA) enforcement.
  • Execute and govern periodic user and privileged access reviews for applications, cloud portals, and manufacturing-support systems.
  • Manage identity lifecycle processes (joiner/mover/leaver) in coordination with HR and IT.
  • Implement and maintain least-privilege principles across enterprise and product-connected systems.
  • Design and implement data classification frameworks, DLP controls, and encryption standards for data at rest and in transit.
  • Identify, inventory, and protect sensitive data assets including regulated data (PII, PHI) across corporate and cloud environments.
  • Support data security requirements for medical device connectivity and patient data flows.
  • Conduct periodic data security assessments and drive remediation of identified gaps.
  • Partner with Legal and Privacy teams to implement technical controls supporting HIPAA, GDPR, CCPA, and other applicable privacy regulations.
  • Conduct and/or manage 3rd party firms in Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new products, systems, and processes.
  • Ensure data handling practices for medical device products meet applicable privacy and security standards.
  • Track and document privacy-related security controls for audit and regulatory inspection readiness.
  • Monitor the security configuration of collaboration platforms (Microsoft 365, Teams, SharePoint, email, video conferencing) through policy, configuration hardening, and monitoring.
  • Manage email security controls including anti-phishing, anti-spoofing (SPF/DKIM/DMARC), and secure email gateway policies.
  • Govern data sharing and external collaboration settings to prevent unauthorized exfiltration.
  • Conduct periodic configuration reviews and implement security benchmarks for collaboration tools.
  • Conduct security assessments and architecture reviews for enterprise applications including ERP, QMS, MES, CRM, and other business-critical platforms.
  • Partner with IT and application owners to ensure secure configuration, access control, and patch management for enterprise software.
  • Perform application security testing coordination (SAST, DAST, penetration testing) for internally developed and procured software.
  • Maintain an inventory of enterprise applications, their risk classifications, and associated security controls.
  • Design, implement, and maintain security controls for operational technology (OT) and industrial control systems (ICS) environments supporting medical device manufacturing and operations.
  • Conduct OT-specific risk assessments, network segmentation reviews, and asset inventory management.
  • Apply IEC 62443 principles to secure manufacturing and production systems.
  • Monitor OT environments for anomalous behavior and coordinate incident response with engineering and operations teams.
  • Design security awareness training programs tailored to technical, clinical, and executive audiences.
  • Manage phishing simulation campaigns and track metrics on program effectiveness.
  • Develop targeted training materials for high-risk roles including developers, administrators, and manufacturing staff.
  • Foster a security-conscious culture through communication, champions programs, and ongoing education.

Similar jobs

Cybersecurity Engineer II

Kirkland & EllisAustin, TX· 1 wk ago
Information Technology$133k–$166k/yrapply on staffjobsus.kirkland.com