Share this Job

Penetration Tester Job

Apply now

Apply for Job

Date: Dec 4, 2018

Location: Arden Hills, MN, US, 55112

Company: Boston Scientific

Additional Locations: (n/a); US-MA-Marlborough; US-MA-Quincy, & Remote



Purpose and Passion • Comprehensive Benefits • Life-Work Integration • Community • Career Growth

At Boston Scientific, you will find a collaborative culture driven by a passion for innovation that keeps us connected on the most essential level. With determination, imagination and a deep caring for human life, we’re solving some of the most important healthcare industry challenges. Together, we’re one global team committed to making a difference in people’s lives around the world. This is a place where you can find a career with meaningful purpose—improving lives through your life’s work.


Position Overview:

This role within the Global Cyber Security Department offers a unique opportunity for a highly skilled security professional to be involved in improving the security posture of Boston Scientific’s medical systems and devices. The primary role of this position will be to conduct pen-testing and vulnerability research on legacy devices as well as those still in research and development phases.


Responsibilities include:

  • Apply deep technical expertise to conduct vulnerability research and testing in embedded, mobile or FDA regulated systems.
  • Must be comfortable with carrying out vulnerability assessments on various hardware and software platforms, using techniques such as reverse engineering, black/grey box penetration testing and other advanced techniques.
  • Identify and document security vulnerabilities in client/server, web, and mobile applications, as well as network systems, and mobile infrastructure.
  • Report vulnerabilities using a standardized reporting structure.
  • Assign vulnerability scores utilizing the common vulnerability scoring system (CVSS).
  • Assist in the prioritization of findings based on risk and safety impact.
  • Conduct validation of vulnerability disclosures reports received from external researchers (affecting Boston Scientific products).
  • Engage with R&D engineers in diverse product lines, including IT and vendors, as the cybersecurity liaison and SME.


Basic Qualifications:

  • Bachelor’s degree with 3-5 years of experience in cybersecurity vulnerability research and testing or equivalent combination of education and experience.
  • Must be result oriented, multi-disciplined, and comfortable testing safety critical systems in a regulated industry.
  • Experience working on highly sensitive projects that require utmost discretion, and maintaining strict confidentiality on all data, records, and tasks as required
  • 25% travel will be required for candidates working in a Boston Scientific location (Arden Hills, MN, Marlborough, MA, Bay Area, CA) and about 50% travel for remote employees


Preferred Qualifications:

  • Experience in kernel level, firmware/software, and network penetration testing and vulnerability research.
  • Technical knowledge of common OS as well as custom/proprietary embedded OS.
  • Technical knowledge of network protocol vulnerabilities and defensive counter-measures.
  • Experience with diverse security testing techniques and tools such as: Kali Linux, Metasploit, Wireshark, NMAP, Binary/protocol inspection tools etc.
  • Experience in common vulnerability standards such as CVE, CVSS scoring as well as research and testing methodologies like OWASP and/or OSSTMM.
  • Certifications in any of the following: OSCP, CEH, GPEN, CPTC, CPTE, CISSP, CISM, or other equivalent security certification.


About us

As a global medical technology leader for more than 35 years, our mission at Boston Scientific (NYSE: BSX) is to transform lives through innovative medical solutions that improve the health of patients. If you’re looking to truly make a difference to people both around the world and around the corner, there’s no better place to make it happen.


Boston Scientific is an Equal Opportunity Employer – Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Disability, Veteran


Requisition ID: 438763


Nearest Major Market: Minneapolis

Job Segment: Medical, Firmware, Engineer, Embedded, Medical Technology, Healthcare, Technology, Engineering