We are seeking a Senior Product Security Engineer to join a growing R&D organization focused on developing next-generation cardiac ablation and connected medical device solutions.
This role is centered around cybersecurity for medical devices, embedded systems, and connected healthcare technologies. It is not a traditional IT security, SOC, infrastructure, compliance, or GRC-focused position. Instead, we are looking for an engineer who understands how to build secure, reliable, and resilient medical products that operate safely in real-world clinical environments.
The ideal candidate brings hands-on experience working closely with engineering teams to integrate cybersecurity into embedded software, firmware, connected devices, and product development processes within regulated industries.
This position offers the opportunity to become one of the first dedicated Product Security Engineers within the team and collaborate globally with cross-functional engineering and cybersecurity organizations.
Required Qualifications
- Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Cybersecurity, or a related technical field.
- 4+ years of experience in Product Security, Embedded Security, Medical Device Security, or related cybersecurity engineering roles.
- Experience securing embedded systems or connected devices within regulated industries.
- Strong understanding of: secure software development lifecycle (SSDLC), threat modeling, vulnerability assessment, security-by-design principles.
- Familiarity with cybersecurity frameworks and standards such as NIST and OWASP.
- Experience collaborating directly with engineering teams to identify and mitigate product security risks.
- Strong communication and cross-functional collaboration skills.
Preferred Qualifications
- Experience with cybersecurity for medical devices or healthcare technologies.
- Familiarity with: IEC 81001-5-1, ISO 14971, FDA premarket and post-market cybersecurity guidance
- Experience supporting cybersecurity activities for FDA submissions or regulated product releases.
- Exposure to connected healthcare systems or cloud-connected medical devices.
- Experience with vulnerability management programs for embedded products.
- Working knowledge of scripting languages such as Python or Bash.
- Security certifications such as: CISSP, CompTIA Security+, GIAC, CEH,or similar.
Responsibilities:
- Product Security - Implement security requirements across the medical device development lifecycle by partnering with cross-functional teams and applying best practices from design through deployment.
- Risk Assessment - Conduct threat modeling and vulnerability assessments to identify, prioritize, and help mitigate security risks throughout the product lifecycle.
- Security Architecture - Support the design and delivery of secure medical devices through implementation of capabilities such as secure boot, secure communications, data protection, software update mechanisms, system integration protections, and access controls.
- Security Standards - Apply medical device cybersecurity standards and guidance, including NIST, OWASP, and IEC 81001-5-1, and partner with development teams to strengthen security practices.
- Technical Leadership - Stay current on cybersecurity trends affecting medical devices and health software, share best practices, and help advance long-term product security strategy.