Product Cybersecurity Engineer

Give hope. Give health. Make your mark in the fight against cancer.

At Accuray, we make a direct and powerful impact on the lives of cancer patients every day — helping them live longer, better lives. But our commitment to innovation offers a truly unique opportunity: the chance to change the fight against cancer — helping to develop, introduce and support new treatment delivery systems and software that will give new hope and new health to cancer patients and cancer survivors around the world.

Accuray develops, manufactures and sells radiotherapy systems for alternative cancer treatments. Our radiation therapy for cancer makes treatment shorter, safer, personalized and more effective, ultimately enabling patients to live longer, better lives.

Job Description

Company Statement:

Give hope. Give health. Make your mark in the fight against cancer.

At Accuray, we make a direct and powerful impact on the lives of cancer patients every day — helping them live longer, better lives. But our commitment to innovation offers a truly unique opportunity: the chance to change the fight against cancer — helping to develop, introduce and support new treatment delivery systems and software that will give new hope and new health to cancer patients and cancer survivors around the world.

Accuray develops, manufactures and sells radiotherapy systems for alternative cancer treatments. Our radiation therapy for cancer makes treatment shorter, safer, personalized and more effective, ultimately enabling patients to live longer, better lives.

SUMMARY: 

As a Product Cybersecurity Engineer you are responsible for ensuring the security of Accuray products. In this role you will collaborate closely with other engineers and cross-functional team members within the organization to ensure that our products are secure.

REPORTING TO/DEPARTMENT: 

Reports to the Group Lead, Product Cybersecurity in the Product Integration department

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Security reviews for new products, technologies, and services
• Secure systems development including design, architecture, and implementation
• Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls
• Analyze cybersecurity vulnerabilities identified in Accuray software
• Perform cybersecurity risk assessments
• Develop mitigation and remediation plans for security vulnerabilities
• Secure development life cycle (SDLC) practices including threat modeling and security testing
• Influence decision-makers and stakeholders to achieve a consistently high security bar
• Conduct network and/or application penetration testing
• Create security guidance and documentation
• Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership
• Understand security concerns regarding Accuray products
• Participate in incident response activities

CORE COMPETENCIES:

• Personal Excellence
  • Effective in communication, demonstrates professionalism at all times, and has an accurate picture of self
• Strengthening the Team
  • Demonstrates high performance standards and effectively collaborates with the team, demonstrates a sense of ownership over assigned deliverables, and shows a high degree of motivation toward achieving individual and team goals
• Drive for Results
  • Applies financial discipline and a good business sense, supports change, and makes high quality and timely decisions

REQUIRED QUALIFICATIONS:

• Preferred or Desired:
  • Knowledge of Linux and Windows operating systems
  • Knowledge of Networking protocols
  • Excellent problem solving/troubleshooting skills
  • Experience working in an FDA regulated environment
  • Excellent verbal and written communication skills
  • Excellent organizational skills
  • Experience with one or more scripting language preferably PowerShell or Python
  • Professional experience with applied cryptography
  • Professional experience building or reviewing threat models
  • Professional experience conducting security assessments, including penetration testing
  • Professional experience with NIST 800-53Rev 4/5 - "Security and Privacy Controls for Federal Information Systems and Organizations"

• Required:
• Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
• Minimum of 5 years of professional experience in IT related field
• Minimum of 2 years of professional experience with any combination of at least 2 security focused technical disciplines, including the following: cloud security, network security, application security, mobile security, secure development methodologies, secure software development and coding, identity management, authentication and authorization, network architecture, system administration, and systems engineering

WORKING CONDITIONS

• Indoor Environment: The position takes place indoors, providing a comfortable and climate-controlled workspace
• Sedentary Work: This role involves extended periods of sitting and working at a desk, requiring good ergonomic practices
• Computer Usage: Proficiency with computers, including software applications and communication tools, is essential for tasks and collaboration
• Minimal Physical Strain: While physical demands are generally low, occasional light lifting and moving of objects might be required
• Structured Schedule: This position usually follows regular business hours, promoting a consistent and predictable work routine

PAY TRANSPARENCY

The range for this position is $87,000 – $158,000. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, future potential and internal pay parity.  As a part of the total compensation package, this role may be eligible for the Accuray Bonus Plan or a role-specific commission/bonus. Recruiters can share more detail during the hiring process.

To qualify for this position, candidates must be able to furnish proof that they are authorized to work in the country they are applying on a permanent basis without sponsorship.

EEO Statement

At Accuray, our commitment to patient-first outcomes drives an inclusive and collaborative work environment where the best ideas rise to the top — and everyone works to push them further. We value diversity in both the professional and personal backgrounds of our employees, as this variety adds rich energy to every team, every project and every work day. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin – including individuals with disabilities and veterans.