Penetration Tester (with Healthcare exp) (Remote) (independent visas required only) jobs in United States

TestingXperts · 5 hours ago

Penetration Tester (with Healthcare exp) (Remote) (independent visas required only)

TestingXperts is seeking an experienced Penetration Tester with specialized knowledge of medical devices and FDA 510(k) compliance to support their cybersecurity efforts. The role involves conducting threat modeling, ethical hacking, and vulnerability assessments in FDA-regulated environments to ensure connected medical products meet security standards.

DevOps, Information Technology, Penetration Testing, Quality Assurance, Software, Usability Testing
No H1B

Responsibilities

Strategize and plan static and dynamic application security testing (SAST/DAST/SCA) tools
Conduct manual and automated penetration testing on medical devices, embedded systems, and healthcare applications
Identify, exploit, and document vulnerabilities in both hardware and software used in Class II/III devices
Collaborate with R&D, Regulatory, and Quality teams to ensure test findings are addressed in FDA 510(k) submissions
Prepare detailed technical reports and risk assessments that meet FDA and ISO/IEC 81001-5-1 requirements
Assist in the development and validation of Secure Software Development Lifecycle (SSDLC) practices
Support threat modeling, risk management, and cybersecurity assessments required by FDA premarket guidance (e.g., Cybersecurity in Medical Devices)
Stay current on regulatory guidance (FDA, NIST, IEC 62443, ISO 14971) and industry best practices

Qualification

Penetration testing methodologies, FDA 510(k) compliance, Vulnerability assessments, Medical device protocols, Secure coding practices, Burp Suite, Threat modeling, AWS cloud security, Python programming, Soft skills

Required

Strong understanding of penetration testing methodologies (e.g., OWASP, PTES, MITRE ATT&CK)
Familiarity with medical device communication protocols (e.g., BLE, Zigbee, HL7, DICOM, MQTT)
Secure coding practices: Knowledge of secure coding standards (e.g., OWASP Top 10, OWASP ASVS) and experience in reviewing code for security vulnerabilities
Proficient with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, Kali Linux, etc.
Experience testing embedded systems, firmware, and mobile/IoT medical applications
Familiarity with Git version control, CI/CD pipelines, and bug tracking tools
Strong command line skills and troubleshooting experience in Linux environments
Threat modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks
In-depth understanding of FDA 510(k) submission processes and cybersecurity requirements
Familiarity with FDA premarket guidance (2023 updates), postmarket management, and SBOM expectations
Understanding of HIPAA, GDPR, and other data protection regulations as they relate to medical devices
Bachelor's or Master's degree in Computer Science, Cybersecurity, Biomedical Engineering, or related field
5-8 years of experience in cybersecurity testing, with at least 2 years in the medical device industry

Preferred

Experience with testing and securing gRPC APIs
Hands-on experience in AWS cloud security and compliance
Proficiency in Python programming to develop automations
Experience implementing security hardening for operating systems (Linux and Windows) as part of secure baselines used in the end product
Experience working directly on 510(k) submissions or as part of an FDA audit
Prior work in a regulated QMS (ISO 13485, FDA 21 CFR Part 820)
Knowledge of DevSecOps integration
Certifications preferred: OSCP, CISSP, CEH, GICSP, or CRISC

Company

TestingXperts

Next Gen QA & Software Testing Company

Funding

Current Stage
Late Stage

Leadership Team

Manish Gupta
Founder & CEO
Archana Gupta
CFO
Company data provided by crunchbase