Cybersecurity Engineer

POSITION TITLE: Cybersecurity Engineer

DEPARTMENT: Engineering

LOCATION: United States (Remote)

SUMMARY

Owlet is searching for our newest Cybersecurity Engineer! We are seeking a solid security individual who will be responsible for planning and implementing security measures to protect our consumer products, systems, networks, and data in a fast-paced and exciting, innovative organization. The successful candidate understands the best and most innovative methodologies in order to anticipate and prevent security breaches.

PRIMARY RESPONSIBILITIES

As a Cybersecurity Engineer you will design, implement, and maintain robust security solutions that comply with regulatory objectives and industry best practices. Responsibilities include conducting security audits, performing risk assessments, executing vulnerability scans, and managing incident responses. Additionally, you will provide expert technical support to and drive cybersecurity initiatives across the various Engineering teams at Owlet. This position demands a proactive approach to security and a commitment to staying abreast of the latest cybersecurity advancements.

• Security Architecture: Design and maintain a comprehensive security architecture for our connected device ecosystem, including device hardware and software, cloud infrastructure, identity management, and our mobile clients.
• Risk Assessment & Management: Conduct thorough risk assessments to identify and prioritize security vulnerabilities and threats. Develop and implement mitigation strategies in accordance with industry standards and regulatory requirements.
• Regulatory Compliance: Ensure compliance with relevant cybersecurity and privacy regulations and guidelines, including FDA, MHRA, Health Canada, GDPR and CCPA, etc. Stay up-to-date with emerging regulatory trends and adapt security practices accordingly.
• Threat Modeling: Develop threat models to identify potential attack vectors and design security controls to protect against unauthorized access, data breaches, and other malicious activities.
• Security Testing: Conduct regular penetration testing, vulnerability assessments, and security code reviews to identify and address security weaknesses.
• Incident Response: Maintain and improve upon the company incident response plan to effectively address security incidents, minimize damage, and ensure timely communication with relevant stakeholders.
• Security Awareness Training: Develop and deliver security awareness training programs to educate employees about cybersecurity best practices and their role in protecting patient data.
• Collaboration: Collaborate with cross-functional teams, including engineering, product management, and quality assurance, to integrate security into the entire product lifecycle. Support and comply with the company’s Quality Management System policies and procedures.

MINIMUM QUALIFICATIONS

• Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• Experience: 5+ years of experience in cybersecurity, with at least 2 years focused on medical device security.

Technical Skills:

• Strong understanding of networking and communication protocols (Bluetooth, Wi-Fi, TCP/IP, HTTPS)
• Experience in information security within a public or private cloud infrastructure environment; including, but not limited to, Azure, GPS and AWS.
• Proficiency in security testing tools and techniques (penetration testing, vulnerability scanning)
• Authorization to work in the United States without sponsorship.

PREFERRED QUALIFICATIONS

• Certifications: Obtained or working towards cybersecurity certification/s (GDSA, CCSP, GSEC,CISSP, CISM, etc.).
• Regulatory Knowledge: Demonstrated knowledge of cybersecurity regulations and guidelines specific to medical devices, including FDA, MHRA, and Health Canada.

Technical Skills:

• Experience using Agile methodologies.Familiarity with mobile application security (iOS, Android)
• Knowledge of cryptography and secure coding practices
• Knowledge of risk management frameworks (NIST, ISO 27001)