Cybersecurity Test Engineer II

Essential Functions:

• Participates as active member of the project team focusing on analyzing penetration test results, assessing attack patterns and severity, and collaborating with Red or developers
• Provide actionable remediation guidance to mitigate identified cybersecurity defects and risks.
• Manage and maintain vulnerability scanning tools, and secure test environments.
• Conduct fuzz testing to uncover unknown vulnerabilities and escalate critical findings.
• Reproduce and validate cybersecurity defects in controlled environments.
• Evaluate, Investigate and resolve cybersecurity issues/ fixes reported by customers, ensuring effective and timely solutions.
• Produce high-quality technical documentation to support compliance with regulatory standards such as FDA, HIPAA, and ISO 13485.
• Collaborate with development, IT, and product teams to ensure secure design and implementation of systems and products.

• Creates/Maintains software (component) design documentation.
• Creates/Maintains software source code that adheres to design documentation.
• Performs unit testing and/or code reviews as per project policy.
• Performs integration testing to ensure software functions within application and with devices.
• Evaluates, investigates, and implements fixes to assigned software defects.
• Evaluates, investigates, and implements assigned software change proposals.
• Provides level of effort for assigned software activities. Tracks personal estimates over time in order to improve accuracy.
• Follows project and corporate software plans, standards, and procedures.
• Performs other related duties as assigned

Budget Managed (if applicable):

• N/A

Internal Networking/Key Relationships:

• To be determined based on department needs

Skills & Capabilities:

• Expertise in penetration testing tools (e.g., Nessus, Metasploit, Burp Suite) and fuzzing tools (e.g., Peach, AFL).
• Familiarity with secure software development lifecycles (SDLC).
• Familiarity with standards such as FDA, HIPAA, and ISO 13485.
• Strong technical writing skills for compliance, reporting, and regulatory submissions.
• Advanced knowledge in exploit chaining and vulnerability analysis.
• Industry-recognized certifications such as OSCP, CEH, GPEN, or equivalent.
• Experience with VMware ESXi and virtualized environments desirable.
• Strong knowledge of Linux systems.
• Experience in cybersecurity for medical devices or other highly regulated industries.
• Written and Oral Communications
• Technical learning
• Teamwork
• Managing and Measuring Work
• Ability to use software engineering tools: configuration, requirements, and defect management 
• Ability to operate instrumentation
• Ability to handle many software components