[Remote] Penetration Tester (with Healthcare exp)(Remote)( independent visas required only)

Note: The job is a remote job and is open to candidates in USA. TestingXperts is seeking an experienced Penetration Tester with specialized knowledge in medical devices and FDA 510(k) compliance to support their cybersecurity efforts. The role involves conducting Threat Modelling, Ethical hacking, and vulnerability assessments in FDA-regulated environments to ensure connected medical products meet security standards. Responsibilities • Strategize and plan static and dynamic application security testing (SAST/DAST/ SCA) tools • Conduct manual and automated penetration testing on medical devices, embedded systems, and healthcare applications • Identify, exploit, and document vulnerabilities in both hardware and software used in Class II/III devices • Collaborate with R&D, Regulatory, and Quality teams to ensure test findings are addressed in FDA 510(k) submissions • Prepare detailed technical reports and risk assessments that meet FDA and ISO/IEC 81001-5-1 requirements • Assist in the development and validation of Secure Software Development Lifecycle (SSDLC) practices • Support threat modeling, risk management, and cybersecurity assessments required by FDA premarket guidance (e.g., Cybersecurity in Medical Devices) • Stay current on regulatory guidance (FDA, NIST, IEC 62443, ISO 14971) and industry best practices Skills • Strong understanding of penetration testing methodologies (e.g., OWASP, PTES, MITRE ATT&CK) • Familiarity with medical device communication protocols (e.g., BLE, Zigbee, HL7, DICOM, MQTT) • Secure coding practices: Knowledge of secure coding standards (e.g. OWASP top 10, OWASP ASVS) and experience in reviewing code for security vulnerabilities • Proficient with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, Kali Linux, etc • Experience testing embedded systems, firmware, and mobile/IoT medical applications • Familiarity with Git version control, CI/CD pipeline and bug tracking tools • Strong command line skills and troubleshooting experience in Linux environments • Threat Modelling: Ability to conduct threat modelling sessions to identify and mitigate security risks • In-depth understanding of FDA 510(k) submission processes and cybersecurity requirements • Familiarity with FDA premarket guidance (2023 updates), post market management, and SBOM expectations • Understanding of HIPAA, GDPR, and other data protection regulations as they relate to medical devices • Bachelor's or Master's degree in Computer Science, Cybersecurity, Biomedical Engineering, or related field • 5-8 years of experience in cybersecurity testing, with at least 2 years in the medical device industry • Experience with testing and securing gRPC APIs • Hands-on experience in AWS cloud security and compliance • Proficiency in python programming knowledge to develop automations • Experience with implementing security hardening to operating systems (Linux and Windows) as part of secure baselines that is used in end product • Experience working directly on 510(k) submissions or as part of an FDA audit • Prior work in a regulated QMS (ISO 13485, FDA CFR 21 Part 820) • Knowledge of DevSecOps integration • Certifications preferred: OSCP, CISSP, CEH, GICSP, or CRISC Company Overview • Next Gen QA & Software Testing Company It was founded in 1996, and is headquartered in Mechanicsburg, Pennsylvania, USA, with a workforce of 1001-5000 employees. Its website is Apply tot his job