Sr. Director, Cyber & Medical Device Security - San Diego, CA (Hybrid) at Insulet

Posted in General Business 22 days ago.

Type: Full-Time
Location: San Diego, California





Job Description:

Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.

We are looking for highly motivated, performance driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!

Position Overview: The Sr. Director, Cyber & Medical Device Security will be responsible for defining and delivering cyber security services for the enterprise and in support of Insulet's Medical Device Products.

Responsibilities:


  • Provide managed and repeatable application security engineering services in support of Insulet products and services including threat modeling, risk management and vulnerability testing

  • Support the development and testing of standard cybersecurity design requirements for Medical Device Products

  • Work with Cyber Security Team and QARA to ensure cyber security processes are fully integrated with Insulet quality management system (QMS)

  • Support the publication of documentation related to the management of cyber security in medical device submissions

  • Support the management of post-market cyber security in medical devices by ensuring continuous threat and vulnerability assessments against all products in the field, management of Insulet's Coordinated Disclosure Program, and participation in Information Sharing and Analysis Organizations (ISAOs)

  • Support best practice medical device cyber security incident management process (ISO 29147/30111)

  • Development and maintenance of application risk registers for all Medical Device Products

  • Development, implementation, training, and maintenance of S-SDLC program

  • Lead ad-hoc cybersecurity application and API penetration testing efforts

  • Lead continuous application cybersecurity vulnerability assessment efforts as well as static and dynamic application security testing (SAST & DAST) efforts

  • Support the identification, development and maintenance of Identity and Access Management solution for consumer and patient identity

  • Evaluation and documentation of cybersecurity posture of applications by leveraging standard and repeatable procedures informed by industry best practice guidance (NIST Cybersecurity Framework, NIST Risk Management Framework, NIST 800-53, NIST 800-63, NIST 800-64, NIST 800-124, NIST 800-144, ISO 2700x, etc.)

  • Evaluate and document vendor software solutions, especially technical integrations to confirm they meet corporate and technology security standards and guidelines

  • Provide innovation and creativity to mitigate business or technical cyber security issues.

  • Ensure compliance with all regulatory, audit, security, and risk management requirements.

  • Integrate IT systems development and vulnerability management with security policies and information protection strategies in order to support Insulet product, patient and corporate environments.

  • Provide leadership, training opportunities and guidance to personnel


Education and Experience:

Minimum Requirements:


  • Bachelor's degree or higher, or substantial verifiable experience in one or more of the following areas:

      • Application development

      • Application security engineering

      • Application penetration testing

  • Knowledge of web and mobile application architecture patterns, concepts, distributed environments, and database technologies.

  • Practical experience of OWASP, CVSS3.0, STRIDE framework, CVE and CWE required

  • Practical experience with AAMI TIR57:2016 required

  • Practical experience with Android and iOS development techniques and patterns required


Preferred Skills and Competencies:

  • Relevant security certifications (CISSP, CEH, etc.) a plus

  • Relevant development certifications (AWS, Scrum, etc.) a plus

  • Relational, Realm, and NoSQL Databases a plus

  • CRM and data integration experience a plus

  • IAM experience a plus

  • Data integration technologies (RESTful, SOAP, etc.) a plus

  • Strong understanding of encryption, cryptography, and secrets (key) management

  • Cloud Compute Infrastructure (AWS, Azure)

  • Security Threat Modeling

  • Tools:

      • IDEs (Eclipse, Android Development Studio)

      • Atlassian development and collaboration tools (BitBucket, Bamboo, Jira, Confluence)

      • SAST Platforms (Veracode, Checkmarx)

  • Strong communication and interpersonal skills. Ability to communicate ideas clearly and efficiently across technical and non-technical audiences, displays active listening skills, and communicates effectively and efficiently.

  • Ability to prioritize multiple tasks and develop innovative solutions to meet project expectations without compromising good design.


Physical Requirements (if applicable):
  • None

NOTE: This position is eligible for hybrid working arrangements (requires on-site work from an Insulet office at least 1x/week; may work remotely other days). #LI-Hybrid

Additional Information:
The US base salary range for this full-time position is $202,730.00 - $304,700.00. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in the primary work location in the US. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your Talent Acquisition Specialist can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits.

At Insulet Corporation all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
