Job Title : Product Security Specialist


Company : Bean HR Consulting


Location : Bangalore, Karnataka


Created : 2026-02-25


Job Type : Full Time


Job Description

Role Overview

We are seeking a Senior Product Security Engineer to support the design, development, and lifecycle management of secure medical products. This role focuses on identifying cybersecurity risks, ensuring regulatory compliance, and collaborating with cross-functional teams to embed security into both hardware and software systems.

Key Responsibilities

- Conduct cybersecurity risk analysis, threat modeling, and develop mitigation strategies for medical products
- Collaborate with Quality, Regulatory, Legal, Marketing, and Sales teams to ensure compliance with cybersecurity, HIPAA, and GDPR requirements
- Lead and support product security activities across hardware and software, including:
  - System hardening
  - Automated and manual penetration testing
  - Vulnerability scanning and remediation
- Perform manual and automated code reviews for complex embedded and clinical application software
- Develop, implement, and maintain security policies, procedures, and documentation aligned with industry standards
- Automate security and compliance tasks using scripting languages such as Python, PowerShell, or Ruby
- Lead cybersecurity documentation requests from internal and external stakeholders
- Support or lead incident response activities, vulnerability & exploitability (V&E) assessments, and resolution of security incidents

Required Qualifications

- Bachelor’s degree in Computer Science, Software Engineering, or a related discipline
- 3+ years of relevant work experience in product or application security
- Strong understanding of one or more security standards/frameworks, such as:
  - NIST 800-53
  - IEC 80001-2-8
  - ISO/IEC 27002
  - ISO 27799
  - IEC 15408-2
  - IEC 62443-3-3
- Solid knowledge of Linux operating systems
- Experience securing medical devices or embedded systems
- Hands-on experience with threat modeling, VAPT, and risk assessments

Preferred Qualifications

- Experience in security requirements, data security, malware analysis, vulnerability assessment, and penetration testing using commercial or open-source tools
- Strong understanding of networking concepts
- Familiarity with quality and regulatory standards, including:
  - IEC 62304
  - IEC 60601
  - 21 CFR Part 820
- Security certifications such as CISSP-ISSAP, CCSP, OSCP (or equivalent)