Company: KARL STORZ Endoscopy-America, Inc. (KSEA)
Job Code: 12365
Pay Grade: TBD
Description
KARL STORZ SE & Co. KG based in Tuttlingen, Germany, is a family-owned, global company committed to benefiting humanity by advancing medical technology through innovation and education.
For more than 75 years, KARL STORZ has been dedicated to earning its international reputation as a leader that designs, engineers, manufactures, and markets all its products with an emphasis on visionary design, precision craftsmanship, and clinical effectiveness.
KARL STORZ is currently seeking an Application Security Engineer who will work directly with Software Developers, Verification engineers, Manufacturing, and Service/Installers to support their responsibility to design, build, test, and service KARL STORZ products in a secure manner compliant with various laws, guidelines, and regulations. This role helps to ensure all products are developed securely and perform continuous monitoring to make sure products remain secure. You will define security policies and frameworks for the organization and will also be part of the product cyber security Incident Response Team as required.
This role will be based at our Stafford, TX (Houston area) with an opportunity to work remote up to 2 days per week.
Responsibilities
Key responsibilities will include, but may not be limited to:
Responsible for Product Security within the DSS/OR1 Product Portfolio. Assess security within products and provide guidance to Development teams on Secure Design. Participate in definition and formulation of the organizational security frameworks.
Assist in the creation and updating of cybersecurity-related procedures and guidelines.
Support in-house and third-party engineering teams in performing risk analysis to ensure products are compliant with cybersecurity requirements and adhere to global policies.
Participate in design reviews to make sure new products are secure by design.
Automate regular vulnerability scanning of all products.
Maintain automation lab to make sure all products are up to date with the latest software releases and OS patches.
Actively monitor for and assess impact of new vulnerabilities on products.
Make recommendations to the development teams about how to address newly identified vulnerabilities in our products.
Answer inquiries about technical security and data protection for all products.
Determine root-cause of security breaches and other cyber security incidents on KARL STORZ products.
Participate in security-related audits on all products.
Keep up to date on new/updates to cybersecurity frameworks/guidelines/standards.
Lead monthly cybersecurity review board meetings.
Additional Responsibilities
Quality - all activities associated with this position must be performed with the highest level of quality standards recognizing that the products are used in the medical industry.
Durability - all activities associated with this position must address the long-term durability of the device and where appropriate must consider the long-term durability even after multiple sterilizations and sterilization methods.
Efficacy - all activities associated with this position must consider the devices final application; ergonomics, interaction of the device with the physician, and device operation during usage are all components of efficacy.
Performs other related duties as assigned by supervisor.
Requirements
Our successful candidate will have excellent written and spoken business communication skills. They will also have demonstrated success working in a collaborative, service-oriented team environment.
Additional requirements include, but are not limited to:
Bachelor's degree in Engineering, Computer Science with an emphasis on Security or similar discipline.
Master's degree in Engineering, Computer Science or Product Security a plus.
5+ years of professional experience in Product Security related to Product Development.
Prior experience in software development and engineering. Experience with security frameworks.
Experience developing or working with engineers developing cybersecure products.
Seasoned professional who is fully qualified on all aspects of cybersecurity.
Extensive knowledge of current security standards, practices, procedures and methods.
Experience applying NIST 800-53 security controls to hardware and software products.
Expert in defining secure configurations for Windows and Linux/Android operating systems
Experience conducting penetration tests on products.
Thorough understanding of network protocols and packet analysis tools.
Experience in secure software development, secure configurations and benchmarking, software testing, vulnerability management, malware defenses, networks, firewall controls and log analysis.
Proficiency in C/C# and JavaScript programming languages and software development concepts.
Knowledge of anti-virus and anti-malware tools.
Demonstrated judgement in identifying varying degrees of security issues in products, identifying solutions, and working with the development teams to address.
Experience working with medical devices/products is desired.
Excellent writing and communication skills, and experience in all phases of application development are required
Experience managing multiple priorities with flexibility in a fast-paced environment
Ability to work cooperatively with others in a team-oriented environment
Ability to lift video equipment (approx. 20 lbs).
Preferred
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
CIAC Certification in Security Controls, Linux, and Windows
#dice
#LI-CW1
#LI-CW1
Vaccine requirements at KARL STORZ due to COVID-19 KARL STORZ is committed to maintaining a safe work environment for our employees and therefore we require the COVID-19 vaccine for all of our employees unless otherwise due to an underlying medical condition or sincerely held religious beliefs. During the interview process, we encourage you to ask how COVID-19 may impact the role you are seeking and if you require a reasonable accommodation regarding the vaccine requirement see below on the process for requesting accommodation. Please click here to learn more about our overall response to COVID-19.
Employee Benefits Program Overview for U.S. Locations
Medical / Dental / Vision including a state of the art wellness program and pet insurance, too!
3 weeks' vacation, 10 holidays plus paid sick time
401K retirement savings plan providing a match of 60% of the employee's first 6% contribution
Section 125 Flexible Spending Accounts
Life, STD, LTD & LTC Insurance
Tuition reimbursement of up to $5,250 per year
Fitness reimbursement up to $200 annually
Employee referral program of up to $2,000 per hire
And much more!
Field sales, internships and part-time employees are not eligible except for where required by state law. Non-employees, including temporary workers and consultants, are not eligible to participate in KARL STORZ benefits program.
KARL STORZ reserves the right to change or modify the employee's job description whether orally or in writing, at any time during the employment relationship. Additionally, KARL STORZ, through its supervisors, may require an employee to perform duties outside their normal description within the sole discretion of the supervisor. Employee must comply will all applicable KARL STORZ policies and procedures.
Equal Employment Opportunity & Reasonable Accommodation Statement KARL STORZ is committed to creating an inclusive space where employees are valued for their skills and unique experiences. To achieve this goal, we are committed to diverse voices and all applicants will receive consideration without regard to race, color, sex, national origin, disability, veteran status or any other protected characteristic. KARL STORZ is also committed to providing reasonable accommodations during our recruitment process. Should you need assistance or accommodation please email us at
Notice to Employment Agencies This recruitment assignment is being managed directly by KARL STORZ's Human Resources team. Human Resources will reach out to our preferred, contracted agency partners in the rare instance additional talent options are required. Your respect for this process is appreciated. KARL STORZ does not accept unsolicited Agency resumes. Resumes received which were unsolicited by KARL STORZ Human Resources department will be ineligible for referral fees.
