High Level Description
Significant advancements have been made in the medical industry regarding data science and cloud connectivity, leading to a rapid increase in the integration of connected edge devices in hospital/home care settings. However, the medical tools these devices are connected to are often legacy devices with constrained resources making them vulnerable to cyber threats. If exploited, these vulnerabilities could lead to loss of patient data, ransomware attacks or direct patient harm. This project aims to systematically explore vulnerabilities of edge devices in the medical industry, identifying weaknesses and proposing mitigation strategies using modern cybersecurity practices.

Project Description
This project focuses on the development of a framework for security assessment of edge devices used in the medical industry. Key objectives include:

• Background: Research current medical edge devices, communication protocols, regulatory requirements, known vulnerabilities and prior attacks.
• Threat modelling: Propose threat models specific to the devices under consideration using STRIDE or similar methods.
• Vulnerability assessment: Perform penetration testing or other methods to assess the vulnerability of edge devices.
• Recommendations: Summarize findings and proposed mitigation strategies citing medical regulations and industry standards in a comprehensive report.

Who are we looking for?

We are seeking a master’s student with a background in Cybersecurity, Computer Science, or related fields to join our project. While previous knowledge of edge devices, hardware interfaces or medical device is beneficial, it is not required. The ideal candidate should have:

• Proficiency in Python and/or C/C++.
• An interest in ethical hacking, embedded security and penetration testing.
• Familiarity with vulnerability assessment tools.
• Willingness to work on high-level threat modelling in security critical systems.
• Fluency in Swedish, both written and spoken.

Purpose
The primary purpose of this thesis is to investigate and secure edge devices used in the medical industry. As the number of devices and their network connectivity grows, devices are more exposed to cyber threats. By developing and implementing a structured testing approach, this project aims to improve the security of these critical components.

The thesis project can be published and used in your personal portfolio as well as in company marketing. Include Resumé/CV and cover letter in your application.

An Exciting Journey with Knightec Group
Semcon and Knightec have joined forces as Knightec Group. Together, we are Northern Europe’s leading strategic partner in product and digital service development. With a unique combination of cross-functional expertise and a holistic business understanding, we help our clients realize their strategies – from idea to complete solution.

Practical Information
This is a thesis position, located at our office in Solna, Rättarvägen 3. Start date 2026-01-20.

Please submit your application as soon as possible, but no later than 2025-11-30. If you have any questions, you are welcome to contact Myko Smid. Note that due to GDPR, we only accept applications through our careers page.