Mobile Security Engineer (Remote/Flexible)

Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.

Mobile Security Engineer

Position overview:

Insulet is a leading developer and manufacturer of wearable, connected medical devices and is

seeking a seasoned mobile security expert to join the Product Cybersecurity Team and support the

R&D teams in developing next generation IoT solutions for the Android and iOS platforms. Our state

of the art, next generation medical devices are industry leaders in automated insulin delivery. If you

have experience in areas such as threat modeling, mobile application security, security architecture, cyber resiliency, and security operations; you may be the right individual to help us secure the mobile medical device experiences of our patients.

Responsibilities

• Researching, developing, and improving defensive tactics, techniques, and procedures for detecting and responding to mobile cybersecurity threats for medical device applications.
• Performing security evaluations and internal penetration testing of medical device applications for the Android and iOS platforms.
• Conduct regular risk assessments of the mobile applications by creating, updating and maintaining threat models and performing code reviews.
• Work with engineering and systems teams to ensure secure design, development and validation of our products, configure and deploy new tooling, and improve response capabilities.
• Analyze security data and report on threats and incidents across various platforms and environments.
• Interact directly with the security community regarding mobile security vulnerabilities and threats.
• Perform mobile security training, outreach and reviews for internal development teams.
• Ensure products comply with FDA guidance and regulations for cybersecurity.

Take lead from supervisor and team to execute on security initiatives
​
Education and Experience

• BS/MS in Computer Science, Information Systems, Computer Engineering, or the equivalent in experience and evidence of exceptional ability.
• Excellent understanding and experience in multiple security domains such as application security, mobile security, hardware security, and incident response.
• Programming skills in Java, Kotlin, Swift, Python or other languages.
• Automation and development experience in Python, Go, Rust, C++, JavaScript, etc.
   

Preferred Skills and Competencies

• Strong knowledge of OWASP Mobile Application Security Verificatio standard (MASVS)
• Strong knowledge of OWASP Mobile Application Security Testing Guide (MASTG)
• Strong knowledge of MITRE ATT&CK Framework – Mobile Matrices
• Strong knowledge of NIST Cybersecurity Framework
• Experience with static and dynamic mobile appsec analysis concepts such as penetration testing.
• Experience performing threat modeling and risk analysis of mobile applications
• Experience working to secure the development of medical device applications
• Experience working with multiple stakeholders such as engineering/systems teams, internal
• business units, and external incident response teams throughout the incident lifecycle.
• Possess strong English writing and communication skills.

NOTE: This position is eligible for 100% remote working arrangements (may work from home/virtually 100%; may also work hybrid on-site/virtual as desired). #LI-Remote