Sr. Cybersecurity Specialist II - Aliso Viejo, CA
Glaukos Corporation · Aliso Viejo, CA · 1 wk ago
EngineeringFull-time
How You’ll Get There
- Demonstrated depth in at least one or more of the domains outlined above, with 8+ years of experience in cybersecurity engineering.
- Direct experience in a regulated industry such as medical devices, life sciences, healthcare technology, or a similarly regulated environment.
- Proven ability to engineer, operate, and mature cybersecurity controls within your domain(s) of ownership, including metrics, documentation, and audit-readiness.
- Working knowledge of applicable frameworks and standards including NIST CSF, IEC 62443, IEC 62304, FDA cybersecurity guidance, HIPAA, SOC2, and ISO 27001.
- Experience supporting regulatory inspections, internal audits, or customer security assessments as a credible technical representative.
- Demonstrated ability to work cross-functionally and collaborate effectively with Engineering, Quality, Regulatory, and IT stakeholders.
- Track record of delivering sustained results through scalable processes, clear metrics, and well-maintained documentation.
- Relevant certifications preferred, aligned to your domain(s): CISSP, CISM, GICSP, GCIH, CCSP, CIPP, or equivalent.
- Bachelor's degree in Cybersecurity, Computer Science, Engineering, Biomedical Engineering, or a related field; equivalent experience considered.
What You’ll Do
- Lead third-party and supplier cybersecurity assessments integrated into the procurement lifecycle.
- Govern Software Bill of Materials (SBOM) accuracy, update cadence, and traceability from component to product.
- Track and remediate supply chain vulnerabilities through coordinated processes with Engineering and suppliers.
- Develop and maintain supply chain security standards, questionnaires, and contractual security requirements.
- Own and operate the enterprise vulnerability management program, including scanning cadence, triage, prioritization, and SLA tracking.
- Manage patch tracking and exception handling processes, including compensating controls and escalation of overdue items.
- Carefully manage vulnerability disclosure (CVD) processes and customer notification workflows in partnership with product security and regulatory teams.
- Maintain dashboards and metrics to communicate vulnerability posture to leadership.
- Play a key role in the design of network security architecture including firewalls, segmentation, zero trust principles, and secure remote access.
- Conduct network traffic analysis and manage intrusion detection/prevention systems (IDS/IPS).
- Confirm/audit the hardening of network infrastructure supporting both corporate IT and device-connected environments.
- Partner with IT and engineering on secure network design for manufacturing-support and product-connected systems.
- Audit cloud security controls across IaaS, PaaS, and SaaS platforms (AWS, Azure, GCP, and applicable SaaS tools).
- Perform cloud security posture management (CSPM), identity hygiene reviews, and misconfiguration remediation.
- Develop and enforce cloud security standards, guardrails, and architecture review processes.
- Ensure cloud-hosted workloads supporting medical devices and manufacturing meet applicable regulatory and security requirements.
- Support and mature Security Operations Center (SOC) capabilities, including alert triage, use case development, and SIEM/SOAR tuning.
- Manage security monitoring for device-supporting environments, including backup, restore, and attestation activities.
- Manage a 3rd party MSSP/MXDR that provides detection logic, playbooks, and runbooks to improve response fidelity and speed.
- Provide KPIs and operational reporting for security operations activities to the CISO and stakeholders.
- Lead and coordinate cybersecurity incident response activities, including containment, eradication, recovery, and post-incident reviews.
- Maintain and test the incident response plan (IRP), including tabletop exercises and scenario-based drills.
- Serve as a technical escalation point for security incidents impacting corporate, OT, and product environments.
- Coordinate with Legal, Regulatory Affairs, and Communications teams on disclosure obligations and customer notification.
- Own and mature IAM controls including role-based access control (RBAC), privileged access management (PAM), and multi-factor authentication (MFA) enforcement.
- Execute and govern periodic user and privileged access reviews for applications, cloud portals, and manufacturing-support systems.
- Manage identity lifecycle processes (joiner/mover/leaver) in coordination with HR and IT.
- Implement and maintain least-privilege principles across enterprise and product-connected systems.
- Design and implement data classification frameworks, DLP controls, and encryption standards for data at rest and in transit.
- Identify, inventory, and protect sensitive data assets including regulated data (PII, PHI) across corporate and cloud environments.
- Support data security requirements for medical device connectivity and patient data flows.
- Conduct periodic data security assessments and drive remediation of identified gaps.
- Partner with Legal and Privacy teams to implement technical controls supporting HIPAA, GDPR, CCPA, and other applicable privacy regulations.
- Conduct and/or manage 3rd party firms in Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new products, systems, and processes.
- Ensure data handling practices for medical device products meet applicable privacy and security standards.
- Track and document privacy-related security controls for audit and regulatory inspection readiness.
- Monitor the security configuration of collaboration platforms (Microsoft 365, Teams, SharePoint, email, video conferencing) through policy, configuration hardening, and monitoring.
- Manage email security controls including anti-phishing, anti-spoofing (SPF/DKIM/DMARC), and secure email gateway policies.
- Govern data sharing and external collaboration settings to prevent unauthorized exfiltration.
- Conduct periodic configuration reviews and implement security benchmarks for collaboration tools.
- Conduct security assessments and architecture reviews for enterprise applications including ERP, QMS, MES, CRM, and other business-critical platforms.
- Partner with IT and application owners to ensure secure configuration, access control, and patch management for enterprise software.
- Perform application security testing coordination (SAST, DAST, penetration testing) for internally developed and procured software.
- Maintain an inventory of enterprise applications, their risk classifications, and associated security controls.
- Design, implement, and maintain security controls for operational technology (OT) and industrial control systems (ICS) environments supporting medical device manufacturing and operations.
- Conduct OT-specific risk assessments, network segmentation reviews, and asset inventory management.
- Apply IEC 62443 principles to secure manufacturing and production systems.
- Monitor OT environments for anomalous behavior and coordinate incident response with engineering and operations teams.
- Design security awareness training programs tailored to technical, clinical, and executive audiences.
- Manage phishing simulation campaigns and track metrics on program effectiveness.
- Develop targeted training materials for high-risk roles including developers, administrators, and manufacturing staff.
- Foster a security-conscious culture through communication, champions programs, and ongoing education.