Company - Naico ITS

Position - Penetration Testing

Experience - 5+ years

Location - Kochi ( 5 Days WFO)

About Naico ITS :

Naico ITS is a premier technology company specialized in providing custom engineered software solutions to business enterprises around the world. Naico was founded in mid-2005 by a team of highly accomplished US returned technology professionals with the vision of building a world-class technology company. Naico is head quartered in Infopark technology campus in the city of Kochi, a beautiful green city on the southern tip of India.

About the Role :

We are seeking an experienced and highly skilled Penetration Tester with a strong background in medical devices and healthcare systems. The role involves simulating sophisticated cyberattacks to identify vulnerabilities, strengthen product security, and ensure compliance with medical device cybersecurity regulations (FDA, IEC 62304, ISO/IEC 27001, etc.). This is a critical role that directly contributes to patient safety and product reliability.

Key Responsibilities

• Conduct penetration testing, vulnerability assessments, and security audits on medical devices, embedded systems, and healthcare applications.

• Simulate real-world cyberattacks to identify security risks across firmware, software, mobile applications, and cloud platforms.

• Perform threat modeling and risk assessments tailored to medical device environments.

• Collaborate with product engineering, QA, and compliance teams to remediate vulnerabilities and recommend secure design practices.

• Ensure testing meets regulatory guidelines including FDA premarket/postmarket cybersecurity guidance, HIPAA, and IEC 81001-5-1.

• Develop detailed penetration test reports with exploits, risk ratings, and remediation recommendations.

• Stay updated on evolving healthcare/IoMT (Internet of Medical Things) cybersecurity threats and tools.

Required Skills & Qualifications

• 5+ years of penetration testing experience, preferably in medical devices, healthcare, or embedded systems.

• Proficiency in tools such as Burp Suite, Metasploit, Nmap, Kali Linux, Wireshark, Nessus, IDA Pro, Ghidra, etc.

• Strong understanding of embedded system security, wireless protocols (Bluetooth, BLE, Zigbee, Wi-Fi), and IoT device testing.

• Familiarity with FDA cybersecurity guidance, HIPAA, IEC 62304, ISO 14971 (risk management).

• Expertise in application security testing (web, mobile, API) and secure coding practices.

• Solid knowledge of network security, cryptography, authentication protocols, and cloud security.

• Certifications preferred: OSCP, OSWE, CEH, GPEN, GWAPT, CISSP (with healthcare security focus is a plus).