Share this Job

Senior Penetration Tester Job

Apply now »
Apply now

Apply for Job

Date: Jul 11, 2019

Location: New Delhi, HR, IN

Company: Boston Scientific

Location: Gurgaon , Haryana (India)
Hiring Manager: Andrew Bommet
Recruiter: Paras Kathuria



Purpose and Passion • Comprehensive Benefits • Life-Work Integration • Community • Career Growth

At Boston Scientific, you will find a collaborative culture driven by a passion for innovation that keeps us connected on the most essential level. With determination, imagination and a deep caring for human life, we’re solving some of the most important healthcare industry challenges. Together, we’re one global team committed to making a difference in people’s lives around the world. This is a place where you can find a career with meaningful purpose—improving lives through your life’s work.

About the role:


Product Cybersecurity Engineer position is within the Global Cyber Security Department in the Information Technology organization at Boston Scientific. This role offers a unique opportunity for a highly skilled security professional to be involved in improving the security posture of Boston Scientific’s medical systems and devices - across all specialties. The primary role of this position will be to conduct security testing (pen-testing) and vulnerability research on legacy (existing) devices as well as those still in research and development (R&D) phases. This role will also have advisory functions ranging across, incident response activities, vulnerability management, data loss prevention, insider threat investigations, cyber security threat intelligence, and support of advanced threat detection, reporting and management technologies. This position reports to the Product Security manager within the Chief Information Security Officer organization.


Your responsibilities:


  • Apply deep technical expertise to conduct vulnerability research and testing, through techniques such as reverse engineering, black/grey box penetration testing and other advanced techniques for embedded systems and medical devices
  • Conduct security architecture reviews as part of in-depth security assessments of connected medical devices and supporting infrastructure
  • Must be comfortable with carrying out vulnerability assessments on embedded devices as well as and larger systems that are based on various hardware and software platforms, including custom-developed solutions
  • Conduct validation of vulnerability disclosures reports received from external researchers (affecting Boston Scientific products)
  • Engage with R&D engineers in different product lines, including IT and vendors, as the cybersecurity liaison and SME
  • Undertake ad hoc often complex projects requiring specialized technical knowledge, and strict timelines for deliverables
  • Must be result oriented, multi-disciplined, and comfortable testing system security in unique medical device platforms


The ideal candidate must have a demonstrated ability to work without appreciable direction but with consultation from R&D and Corporate IT technical and management teams. Can work independently or in a team on highly specialized projects with long range objectives and must be able to exercises considerable latitude in determining objectives of assignment. Can select tools, methods and techniques to lead a project to completion, and can write technical as well as executive-level vulnerability reports after each project. This role will also contribute in developing Corporate policies and procedures, new techniques and standards applicable to product security.


What  we're looking for:


  • Bachelor’s degree with 5 years of experience in cybersecurity vulnerability research and testing. Degrees can be in the areas of Computer Science, Information Systems, Engineering or related major
  • Demonstrated experience in kernel level, firmware/software, and network penetration testing and vulnerability research
  • Deep technical knowledge of common OS as well as custom/proprietary embedded OS.
  • Deep technical knowledge of network protocol vulnerabilities and security controls and other counter-measures
  • Affluence with security testing techniques and tools such as: Kali Linux, Metasploit, Wireshark, NMAP, Binary/protocol inspection tools etc.
  • Affluence in common vulnerability standards such as CVE, CVSS scoring as well as research and testing methodologies like OWASP and/or OSSTMM
  • Working knowledge of code/network/malware analysis (including reverse-engineering, fuzzing etc. )
  • Experience working on highly sensitive projects that require utmost discretion, and maintaining strict confidentiality on all data, records, and tasks as required
  • Strong knowledge and work experience with logical access controls to ensure confidentiality, integrity and assurance of proprietary information.


Certifications:  OSCP, CEH, GPEN, CPTC, CPTE, CISSP, CISM, or other equivalent security certification.


About us

As a global medical technology leader for more than 35 years, our mission at Boston Scientific (NYSE: BSX) is to transform lives through innovative medical solutions that improve the health of patients. If you’re looking to truly make a difference to people both around the world and around the corner, there’s no better place to make it happen.


Boston Scientific is an Equal Opportunity Employer – Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Disability, Veteran


Requisition ID: 448612

Job Segment: Medical, Engineer, Medical Technology, Information Systems, Firmware, Healthcare, Engineering, Technology