Threat Analysis and Risk Assessment (TARA) Specialist of R&D Product Cybersecurity

Education

BS, Master or equivalent degree in Computer Engineering, Software Engineering, Cybersecurity or other related fields

Experience

Minimum of 5 years of professional experience within Information Technology, Software Development or related field.

Minimum of 3 years of working knowledge and understanding of security engineering, system and network security, authentication and application security. Including multiple combinations of the following :

Threat Analysis and Risk Assessment activities in product development

Software development processes and secure coding

Developing security procedures and product security specifications

Vulnerability / penetration testing

Familiarity with vulnerability Management activities and processes (a plus point)

Skills :

General knowledge of medical device standards

Expert knowledge of security standards and testing methods - ISO / IEC27000 series, NIST Cybersecurity Framework, SP800 series, etc.

Strong Analytical and problem-solving skills

Ability to express ideas clearly both in written and oral communications.

Ability to analyze technical requirements and develop well-structured solutions

Ability to transform requirements in a consistent, abstract representation into a given tool environment

Roles and Responsibilities :

As expert for product security threat analysis and risk assessments the main tasks will be as following :

Build-up and maintenance of standard TARA library elements (e.g. Risk pattern libraries, Countermeasures, custom components, sets of rules etc.)

Supporting projects in general TARA activities (consulting, coordination within DCs and project specific adaptations, reviews)

Support training activities related to TARA and IriusRisk

Tool administration support for IriusRisk

Maintain accurate documentation of cybersecurity activities.