Penetration Tester

Nityo Infotech Corporation
  • Research
  • Applications have closed

Role: Penetration Tester

Location: Remote (must be willing to travel to customer locations occasionally for on-site testing)

Job Summary:

We are seeking an experienced Penetration Tester with specialized knowledge of medical devices and FDA 510(k) compliance to support our cybersecurity efforts. The ideal candidate will have hands-on experience conducting threat modeling, ethical hacking and vulnerability assessments in FDA-regulated environments, ensuring our connected medical products meet security requirements for premarket submission and postmarket monitoring.

Key Responsibilities:

  • Plan and deploy static and dynamic application security testing and software composition analysis (SAST/DAST/SCA) tooling.
  • Conduct manual and automated penetration testing on medical devices, embedded systems, and healthcare applications.
  • Identify, exploit, and document vulnerabilities in both hardware and software used in Class II/III devices.
  • Collaborate with R&D, Regulatory, and Quality teams to ensure test findings are addressed in FDA 510(k) submissions.
  • Prepare detailed technical reports and risk assessments that meet FDA and IEC 81001-5-1 requirements.
  • Assist in the development and validation of Secure Software Development Lifecycle (SSDLC) practices.
  • Support threat modeling, risk management, and cybersecurity assessments required by FDA premarket guidance (e.g., Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions).
  • Stay current on regulatory guidance (FDA, NIST, IEC 62443, ISO 14971) and industry best practices.

Requirements:

Technical Skills:

  • Strong understanding of penetration testing methodologies (e.g., OWASP, PTES, MITRE ATT&CK).
  • Familiarity with medical device communication protocols (e.g., BLE, Zigbee, HL7, DICOM, MQTT).
  • Secure coding practices: knowledge of secure coding standards (e.g., OWASP Top 10, OWASP ASVS) and experience reviewing code for security vulnerabilities.
  • Proficient with tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, and Kali Linux.
  • Experience testing embedded systems, firmware, and mobile/IoT medical applications.
  • Familiarity with Git version control, CI/CD pipelines, and bug tracking tools.
  • Strong command line skills and troubleshooting experience in Linux environments.

Regulatory Knowledge:

  • Threat modeling: ability to lead threat modeling sessions to identify and mitigate security risks.
  • In-depth understanding of FDA 510(k) submission processes and cybersecurity requirements.
  • Familiarity with FDA premarket guidance (2023 updates), postmarket management, and SBOM expectations.
  • Understanding of HIPAA, GDPR, and other data protection regulations as they relate to medical devices.

Education and Experience:

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Biomedical Engineering, or a related field.
  • 5-8 years of experience in cybersecurity testing, with at least 2 years in the medical device industry.
  • Certifications preferred: OSCP, CISSP, CEH, GICSP, or CRISC.

Preferred Qualifications:

  • Experience with testing and securing gRPC APIs.
  • Hands-on experience in AWS cloud security and compliance.
  • Proficiency in Python for developing test automation.
  • Experience implementing operating system hardening (Linux and Windows) as part of the secure baselines used in the end product.
  • Experience working directly on 510(k) submissions or as part of an FDA audit.
  • Prior work in a regulated QMS (ISO 13485, 21 CFR Part 820).
  • Knowledge of DevSecOps integration.