Sr. Product Security Engineer (San Diego, CA office)

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries.

     

JOB DESCRIPTION:

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and your family, be your true self, and live a full life. You’ll also have access to:

• Career development with an international company where you can grow the career you dream of.

• Employees can qualify for free medical coverage in our Health Investment Plan (HIP) PPO medical plan in the next calendar year.

• An excellent retirement savings plan with a high employer contribution

• Tuition reimbursement, the Freedom 2 Save student debt program, and FreeU education benefit - an affordable and convenient path to getting a bachelor’s degree.

• A company recognized as a great place to work in dozens of countries worldwide and named one of the most admired companies in the world by Fortune.

• A company that is recognized as one of the best big companies to work for as well as the best place to work for diversity, working mothers, female executives, and scientists.

The Opportunity

This position works on site daily in our San Diego, CA location in Abbott Rapid Diagnostics, Infectious Diseases business unit. Our diagnostic solutions are used in hospitals, laboratories, and clinics around the globe. The crucial information derived from our tests, instruments, and informatics systems is often the first step in patient care decision-making for hundreds of health conditions from heart attacks to blood disorders to infectious diseases and cancers.

We’re offering a hands-on opportunity for a Sr. Product Security Engineer. This role focuses on integrating cybersecurity into the product lifecycle, ensuring our devices meet regulatory requirements and protect patient safety.

What You’ll Work On

You’ll work as part of a cross-functional team to embed security into the design, development, and maintenance of medical devices. Your work will support threat modeling, risk assessments, vulnerability management, and regulatory compliance, helping ensure our products are secure and resilient.

• Participate in threat modeling and security architecture reviews for embedded medical devices and supporting software.

• Collaborate with engineering, quality, and regulatory teams to apply secure-by-design principles throughout development.

• Support risk assessments and contribute to risk mitigation strategies aligned with FDA and international cybersecurity guidance.

• Implementation of security risk controls and operating system hardening.

• Assist with penetration testing and vulnerability assessments of firmware, hardware interfaces, and software components.

• Help define and maintain security requirements, secure coding practices, and design controls.

• Stay current with emerging threats and vulnerabilities relevant to embedded systems and healthcare technologies.

• Contribute to regulatory documentation and support audits with evidence of cybersecurity controls.

• Share cybersecurity best practices with development teams and support internal training efforts.

• Formulates and implements research and development programs, policies, and procedures required to support profitable growth. 

• Interfaces with appropriate internal and external resources to ensure intellectual property is appropriately protected. 

• Provides technical assistance for diagnosing design and manufacturing quality problems. 

• Guides development and documentation of test plan protocols, standard operating procedures, specifications and test procedures. 

• Complies with U.S. Food and Drug Administration (FDA) regulations, other regulatory requirements, Company policies, operating procedures, processes, and task assignments.  Maintains positive and cooperative communications and collaboration with all levels of employees, customers, contractors, and vendors. 

Key Responsibilities

• Contribute to the development of security controls for new and existing embedded diagnostic devices, including secure boot, firmware integrity, authentication, and encryption.

• Assist in security risk management activities following ISO 14971, IEC 62304, and FDA cybersecurity guidance.

• Support incident response planning and post-market surveillance for cybersecurity events.

• Help ensure alignment with Abbott’s Quality Management System (QMS) and contribute to continuous improvement of cybersecurity processes.

• Apply knowledge of regulatory and industry standards (e.g., NIST CSF, ISO 27001, IMDRF, EU MDR) in day-to-day work.

• Use your knowledge of programming languages such as Java, Python, React

Required Qualifications

• Bachelor’s degree in Computer Engineering, Computer Science, or related field.

• 6+ years of experience in embedded systems, medical device development, or product cybersecurity.

• 10 years of general work experience in related field.

Preferred Qualifications

Please note that these are not requirements, just nice to have on your resume. If you do not have all of these on your resume that's OK!, Please still apply!

• Familiarity with FDA cybersecurity guidance, ISO 14971, IEC 62304, and AAMI TIR57/TIR97/SW96.

• Master's Degree on Technical Related field preferred.

• Solid understanding of embedded software security, hardware attack surfaces, and secure communication protocols.

• Experience with threat modeling, risk assessment, and secure development lifecycle (SDLC) practices.

• Strong communication skills and ability to document technical findings clearly.

• Experience with Java, Python, and embedded Linux development.

• Knowledge of cryptographic protocols, secure boot, code signing, and key management.

• Familiarity with hardware interfaces (e.g., UART, SPI, I2C) and their security implications.

• Experience with static/dynamic code analysis tools (e.g., SonarQube, Veracode).

• Understanding of postmarket surveillance, vulnerability disclosure, and incident response in regulated environments.

• Experience in Threat Modeling using tools such as Microsoft Threat Modeling Tool

• Understanding of the relationship between threat, vulnerability and potential risk in the context of risk management.

• Knowledge of national and international regulatory compliances and frameworks such as NIST Cybersecurity Framework, ISO 27001, EU DPD, HIPAA/HITECH

• Ability to translate complex IT Security problems and issues into simple business terms/business impact.

• X.509 certificates and PKI Hierarchy definition and management.

• Knowledge of industry standards and frameworks such as NIST 800-53, FIPS  140-2/3, Cybersecurity Maturity Model Certification (CMMC), Risk Management Framework (RMF), Authority to Operate (ATO), FISMA, FedRAMP.

• Certifications such as CISSP, CSSLP, or GICSP are a plus.

Learn more about our health and wellness benefits, which provide the security to help you and your family live full lives:  www.abbottbenefits.com

Follow your career aspirations to Abbott for diverse opportunities with a company that can help you build your future and live your best life. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at www.abbott.com, on Facebook at www.facebook.com/Abbott, and on Twitter @AbbottNews.

     

The base pay for this position is

$98,000.00 – $196,000.00

In specific locations, the pay range may vary from the range posted.

     

JOB FAMILY:

Product Development

     

DIVISION:

ID Infectious Disease

        

LOCATION:

United States > San Diego : 4545 Towne Center Court

     

ADDITIONAL LOCATIONS:

     

WORK SHIFT:

Standard

     

TRAVEL:

Yes, 5 % of the Time

     

MEDICAL SURVEILLANCE:

No

     

SIGNIFICANT WORK ACTIVITIES:

Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day), Keyboard use (greater or equal to 50% of the workday)

     

Abbott is an Equal Opportunity Employer of Minorities/Women/Individuals with Disabilities/Protected Veterans.

     

EEO is the Law link - English: http://webstorage.abbott.com/common/External/EEO_English.pdf

     

EEO is the Law link - Espanol: http://webstorage.abbott.com/common/External/EEO_Spanish.pdf