Senior Product Cybersecurity Engineer (Security by design)

Work Flexibility: Hybrid

Who we want:
We seek an experienced Product Cybersecurity engineer who can provide contribute and/or provide leadership in developing secured Medical devices and applications.
 

What you will do:

As a Product Cybersecurity Engineer, you will participate in project planning, product cybersecurity risk analysis, and risk mitigation strategies. You will contribute or lead to various product cybersecurity tasks and activities established by product design controls and SDLC procedures. You will be involved in all facets of the robotics and enabling technology product development life cycle.

• You will support cybersecurity risk analysis and threat modeling and develop mitigation strategies to develop secure medical products.

• You will work closely with cross-functional teams, including Quality, Regulatory, and Marketing, in driving alignment around product Cybersecurity, HIPAA, and GDPR compliance.

• You have experience designing and implementing security architectures for complex software products and systems.

• You will provide input to project management on scheduling, milestone achievement, and project challenges.

• You possess in-depth knowledge of security technologies and best practices, including cryptography, secure coding, and threat modeling.

• You will support or lead in all product hardware and software security facets, including systems hardening, automated and manual penetration testing, automated vulnerability scanning for compliance, and issue remediation.

• You will lead manual and automated code reviews for complex embedded and clinical application software to identify security flaws.

• You will develop and implement security policies and procedures to ensure compliance with industry standards.

• You will integrate automated security testing into all phases of SDLC.

• You will automate routine tasks and extract valuable data using various scripting languages like PowerShell, Ruby, or Python.

• You will research and implement best practices in the product cybersecurity architecture around security systems, including improper access control, code injection, information exposure, firewalls, and multi-factor authentication.

• You will support or lead cybersecurity documentation requests from legal and sales teams as needed.

• You will support or lead incident response, V&E assessments and manage the resolution of security incidents.

• You have experience leading and mentoring junior engineers.

• You will evaluate emerging security technologies and recommend their adoption to improve the organization’s security posture.

• You will participate in security audits and assessments and ensure compliance with industry standards and regulatory requirements.

What you need:
Minimum Qualifications (Required):

• Bachelor's degree in Software Engineering/ Computer Science or related discipline & 3+ years of work experience

Preferred Qualifications (Strongly desired):

• Experience with security requirements, data security, malware analysis, vulnerability assessment, and penetration testing using off-the-shelf tools and techniques is preferred.

• Understanding one or more security standards/frameworks like NIST 800-53, IEC80001-2-8, IEC 27002, ISO 27799, IEC 15408-2, and IEC 62443-3-3.

• Understanding of Windows and Linux operating systems.

• Experience in securing medical devices or embedded devices.

• Understanding of networking concepts.

• Understanding quality standards like IEC 62304, IEC 60601, and 21CRF 820.

• Experience with threat modeling and risk assessment.

Travel Percentage: 10%