CaVU Consulting, Inc. is seeking a Cybersecurity Engineer to work in Cary, NC. This position will provide requirements definitions, secure software development, systems security engineering in concert with network integration needs, formal test and evaluation, and certification support to a global manufacturer and provider of medical technologies and related services for the health care industry. The ideal candidate will have experience in navigating, selecting, articulating, and promulgating Department of Defense (DoD) information assurance policies and security engineering guidance; systems security architecture development; building system and software test and evaluation plans; and proactively navigating DoD and certification and accreditation processes and commercial best practices that affect the health care industry.
SCOPE OF WORK: This position will provide broad systems security engineering supporting the design, manufacturing, and approvals for fielding of medical technologies. Duties include:
- Facilitate scoping of product requirements and setting of business priorities to align product roadmaps and deliverables.
- Independently elicit user and business needs, translating these into product requirements through a variety of best-practice techniques, including user interviews and surveys, functionality analysis.
- Analyze security architectures down to component level and work with the engineering team to ensure system security requirements are addressed during development.
- Manage the requirements engineering process throughout the development life cycle, eliciting, documenting, analyzing and harmonizing functional and non-functional software requirements.
- Support secure software development in test planning by identifying testability requirements and supporting review of test cases and defects, as needed.
- Lead requirements workshops and reviews in a cross-functional setting to support verification activities, traceability, and assessment/analysis of risk.
- Implement DoDI 8500.02 Information Assurance Controls, DISA Security Technical Implementation Guides (STIGS), and NIST SP 800-53 Security Controls.
- Provide assessment, promulgation, and enforcement of emerging Cyber policies used by health care providers across the health care continuum and around the world in hospitals, extended care facilities and home care settings to enhance the safety and quality of patient care.
Qualifications and Experience:
- A minimum of seven (7) years of experience in IA policy navigation, systems security engineering, test and evaluation, DoD and Health Industry certification and accreditation process.
- Familiarity of patient support systems, safe mobility and handling solutions, general medical equipment, and information technology solutions.
- Demonstrate advanced knowledge of requirements analysis techniques.
- Ability to work independently and collaborate as a member of a cross-functional team.
- Excellent interpersonal skills, including customer interactions.
- Ability to manage multiple projects with minimum supervision.
- Serve as an expert within a technical area and educate others on technical issues.
- Familiarity with security and privacy standards (OWASP, HIPAA, and NIST).
- Domain knowledge of hospital medication management, distribution systems, healthcare IT systems and solutions a plus.
- BS Degree from an accredited college or university in one of the following fields: Engineering (Computer, Electrical, Mechanical, etc.), Physical Sciences, Computer Sciences, Information Systems, Operations Research, Mathematics, Physics.
Position Status: Closed
Travel: Ability to travel approximately <25%