Engineer II, Cybersecurity and S/W Quality

Additional Locations:  N/A

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.

Responsible for identifying, investigating, and mitigating advanced cyber threats, including insider risks and data loss incidents. Experienced in network monitoring, incident response, cyber investigations, malware analysis, vulnerability assessment, and penetration testing. Strong exposure to Secure SDLC, threat modeling (STRIDE and attack trees), SBOM management, secure code review, SAST and DAST, and post-market security surveillance to reduce risk across applications and infrastructure. 

Key Responsibilities:

• Cyber Investigations:
• Focus on conducting full-spectrum threat analysis resulting from CND Intelligence Operations information, threat reporting, and ongoing incidents affecting the enterprise from advanced cyber threats.
• Encourages investigations and research initiatives to move toward a more proactive state, resulting in advanced warning of cyberattacks, enhanced understanding of adversary collection requirements, and new threat indicators that facilitate proactive threat discovery and mitigation.
• Incident Management:
• Must take the lead on providing situational awareness to appropriate personnel through clear and concise communications and promote a proactive response to possible threats by staying current with, analyzing, and identifying mitigations for emerging threats to Boston Scientific’s IT infrastructure.
• Malware analysis using a defined set of analytical tools.
• User behavior analysis for insider threats and policy violations. Review of data transmission and storage to determine loss and/or theft of company data.
• Serve on call when assigned. Communicate effectively with peers and other key stakeholders
• Increase organizational threat awareness by providing briefings as required. Report findings and provide countermeasure recommendations and business cases based on standard security principles, policies, standards, and industry best practices.
• Promote a proactive approach to the changing threat landscape. Evaluate and recommend new security technologies, processes, and methodologies. Maintain and continually evaluate cyber threat intelligence sources for changes that increase effectiveness and timeliness
• Coordinate and run vulnerability scans against the environment.
• Review and analyze vulnerability assessment data to identify technical risks to the organization.
• Perform identification and impact classification for new vulnerabilities identified in the environment.
• Verify vulnerabilities through penetration testing and social engineering activities. Interpret vulnerabilities and communicate business impact and remediation actions to management.
• Prepare vulnerability and risk management reports.
• Manage and assist in coordination of the remediation of vulnerabilities by IS.

Required Qualification:

• Graduation in Computer Science & Engineering with Cybersecurity Skill and Experience in Medical Devices. 5-7 Years of Experience. 5% travel
• 5+ years in product or application security, including embedded systems or connected devices; proven delivery of security in regulated environments.
• Threat modeling, vulnerability assessment, postmarket surveillance
• Strong skills producing secure software development lifecycle, architecture/data-flow diagrams, SBOMs, and risk files aligned with FDA pre and post market needs.
• Hands-on with SBOM (SPDX/CycloneDX), secure coding standards, and security testing tools across embedded and application stacks.

• • • Experience reviewing and analyzing findings from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and penetration testing.

• Prior work on IEC 62304/ISO 14971-aligned programs and familiarity with FDA expectations for pre/postmarket cybersecurity.
• Demonstrates ownership of cybersecurity responsibilities
• Stays current with evolving FDA cybersecurity guidance, CVE databases, and industry best practices.
• Demonstrates curiosity and proactive problemsolving.
• Acts with integrity when handling sensitive information or reporting vulnerabilities.
• CISSP, CSSLP, CEH, or relevant security certifications.

Requisition ID: 621169

As a leader in medical science for more than 40 years, we are committed to solving the challenges that matter most – united by a deep caring for human life. Our mission to advance science for life is about transforming lives through innovative medical solutions that improve patient lives, create value for our customers, and support our employees and the communities in which we operate. Now more than ever, we have a responsibility to apply those values to everything we do – as a global business and as a global corporate citizen.

So, choosing a career with Boston Scientific (NYSE: BSX) isn’t just business, it’s personal. And if you’re a natural problem-solver with the imagination, determination, and spirit to make a meaningful difference to people worldwide, we encourage you to apply and look forward to connecting with you!