Why KARL STORZ?
At KARL STORZ, we are driven by innovation and a commitment to improving patient outcomes through cutting-edge medical technology. As a global leader in endoscopy and medical imaging, we offer an environment where collaboration, technical excellence, and continuous learning are highly valued. Join a team where your cybersecurity expertise will directly contribute to the development of secure, compliant, and life-changing healthcare technologies.
Position Summary
The Application Security Engineer III serves as the technical lead for cybersecurity compliance and secure product development initiatives, with primary responsibility for achieving and maintaining Department of Defense (DoD) Authorization to Operate (ATO) certifications under the Risk Management Framework (RMF). This role partners closely with Software Engineering, Systems Engineering, Quality, Regulatory, and Product Management teams to ensure products meet cybersecurity requirements throughout the development lifecycle.
Key Responsibilities
DoD RMF & ATO Leadership
Lead and maintain DoD Authorization to Operate (ATO) certifications.
Serve as the primary cybersecurity contact for DoD-related projects.
Manage RMF compliance activities, including STIG and SCAP scanning, POA&M management, and risk mitigation planning.
Author and maintain cybersecurity documentation, risk analyses, and compliance reports.
Support certification audits, renewals, and customer-facing cybersecurity reviews.
Product Security & Verification
Verify cybersecurity requirements through testing, documentation, and validation activities.
Partner with engineering teams to implement secure development practices.
Support threat modeling, vulnerability management, and security testing throughout the SDLC.
Participate in product security reviews and provide risk mitigation recommendations.
DevSecOps & Security Operations
Design and maintain DevSecOps pipelines with automated security testing and vulnerability scanning.
Support secure CI/CD practices and compliance monitoring.
Establish and maintain cybersecurity lab environments and test infrastructure.
Cross-Functional Collaboration
Collaborate with R&D, Quality, Regulatory, IT, Operations, and Product Management teams.
Communicate cybersecurity risks, requirements, and recommendations to technical and non-technical stakeholders.
Participate in customer meetings, technical reviews, and occasional on-site visits.
Qualifications
Required
Bachelors degree in Computer Science, Cybersecurity, Information Systems, or a related technical field.
5+ years of cybersecurity experience (4+ years with a Masters degree).
Experience supporting application, product, or embedded cybersecurity in regulated industries such as medical devices, defense, or aerospace.
Hands-on experience with DoD RMF, STIGs, SCAP tools, and POA&M management.
Knowledge of NIST frameworks, including NIST 800-53 and NIST 800-171.
Experience with secure software development, vulnerability management, risk assessment, and DevSecOps practices.
Experience with Windows and Linux hardening, network security, and system compliance validation.
Strong communication, analytical, organizational, and problem-solving skills.
Preferred
Experience obtaining or maintaining DoD ATO certifications.
Knowledge of FDA cybersecurity guidance and medical device security standards.
Certifications such as CISSP, Security+, CEH, or GSEC.
Experience with cloud security, container security, and automated testing frameworks.
Experience working in Linux, Windows Server, virtualized environments, and network security architectures.
Masters degree in a related technical discipline.
Additional Information
Travel: Up to 10%
Physical Requirements: Ability to sit for extended periods and lift equipment up to 20 pounds occasionally.
Work Environment: Fast-paced, collaborative environment supporting highly regulated medical technology products.