Role Overview
We are seeking a Senior Product Security Engineer to support the design, development, and lifecycle management of secure medical products. This role focuses on identifying cybersecurity risks, ensuring regulatory compliance, and collaborating with cross-functional teams to embed security into both hardware and software systems.
Key Responsibilities
- Conduct cybersecurity risk analysis, threat modeling, and develop mitigation strategies for medical products
- Collaborate with Quality, Regulatory, Legal, Marketing, and Sales teams to ensure compliance with cybersecurity, HIPAA, and GDPR requirements
- Lead and support product security activities across hardware and software, including:
- System hardening
- Automated and manual penetration testing
- Vulnerability scanning and remediation
- Perform manual and automated code reviews for complex embedded and clinical application software
- Develop, implement, and maintain security policies, procedures, and documentation aligned with industry standards
- Automate security and compliance tasks using scripting languages such as Python, PowerShell, or Ruby
- Lead cybersecurity documentation requests from internal and external stakeholders
- Support or lead incident response activities, vulnerability & exploitability (V&E) assessments, and resolution of security incidents
Required Qualifications
- Bachelor's degree in Computer Science, Software Engineering, or a related discipline
- 3+ years of relevant work experience in product or application security
- Strong understanding of one or more security standards/frameworks, such as:
- NIST 800-53
- IEC 80001-2-8
- ISO/IEC 27002
- ISO 27799
- IEC 15408-2
- IEC 62443-3-3
- Solid knowledge of Linux operating systems
- Experience securing medical devices or embedded systems
- Hands-on experience with threat modeling, VAPT, and risk assessments
Preferred Qualifications
- Experience in security requirements, data security, malware analysis, vulnerability assessment, and penetration testing using commercial or open-source tools
- Strong understanding of networking concepts
- Familiarity with quality and regulatory standards, including:
- IEC 62304
- IEC 60601
- 21 CFR Part 820
- Security certifications such as CISSP-ISSAP, CCSP, OSCP (or equivalent)
