Product Security Engineer – Vulnerability Management (SBOM)

Product Security Engineering

• Partner with software, systems, firmware, and hardware engineering teams to integrate cybersecurity controls throughout the medical device development lifecycle.
• Support secure-by-design initiatives across embedded and connected medical device platforms.
• Help implement and validate security capabilities such as:
  • secure boot
  • secure communications
  • authentication and authorization
  • encryption and data protection
  • software update mechanisms
  • access control and system hardening

Risk Assessment & Threat Modeling

• Conduct threat modeling and vulnerability assessments for medical devices and connected systems.
• Identify, prioritize, and help mitigate cybersecurity risks across product architectures and system integrations.
• Support vulnerability management activities and security remediation efforts.

Security Architecture & Engineering Collaboration

• Contribute to the design and delivery of secure medical device architectures.
• Collaborate closely with embedded, firmware, systems, cloud, and platform engineering teams to improve overall product security posture.
• Provide pragmatic engineering guidance balancing cybersecurity, patient safety, usability, and product performance.

Regulatory & Industry Standards

• Apply cybersecurity best practices and frameworks including:
  • NIST
  • OWASP
  • IEC 81001-5-1
  • ISO 14971
  • FDA cybersecurity guidance
• Support security documentation and regulatory activities related to medical device cybersecurity.

Technical Leadership

• Serve as a subject matter expert for product cybersecurity initiatives.
• Mentor engineers and promote secure development practices across teams.
• Stay current on emerging cybersecurity threats, vulnerabilities, and trends impacting medical devices and healthcare technologies.
• Contribute to long-term product security strategy and cyber resilience initiatives.

Required Qualifications

• Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Cybersecurity, or a related technical field.
• 4+ years of experience in Product Security, Embedded Security, Medical Device Security, or related cybersecurity engineering roles.
• Experience securing embedded systems or connected devices within regulated industries.
• Strong understanding of:
  • secure software development lifecycle (SSDLC)
  • threat modeling
  • vulnerability assessment
  • security-by-design principles
• Familiarity with cybersecurity frameworks and standards such as NIST and OWASP.
• Experience collaborating directly with engineering teams to identify and mitigate product security risks.
• Strong communication and cross-functional collaboration skills.

Preferred Qualifications

• Experience with cybersecurity for medical devices or healthcare technologies.
• Familiarity with:
  • IEC 81001-5-1
  • ISO 14971
  • FDA premarket and post-market cybersecurity guidance
• Experience supporting cybersecurity activities for FDA submissions or regulated product releases.
• Exposure to connected healthcare systems or cloud-connected medical devices.
• Experience with vulnerability management programs for embedded products.
• Working knowledge of scripting languages such as Python or Bash.
• Security certifications such as:
  • CISSP
  • CompTIA Security+
  • GIAC
  • CEH
    or similar.