Senior Security Engineer – Medical Device Cybersecurity & Compliance
Ahmedabad, India
Arrow Electronics
Position:Senior Security Engineer – Medical Device Cybersecurity & ComplianceJob Description:Job Description
Job Title: Senior Security Engineer – Medical Device Cybersecurity & Compliance
Experience Level: 5-10 years
Key Responsibilities:
- Drive end-to-end cybersecurity integration across the medical device product development life cycle, ensuring security is embedded from concept to release.
- Develop and maintain cybersecurity for medical products, including security requirements specifications, risk assessments, threat models, and product security architecture documentation.
- Conduct thorough gap assessments to evaluate compliance with IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97 standards, and implement remediation measures.
- Perform hands-on vulnerability assessments, penetration testing, and secure code reviews of embedded devices, IoMT (Internet of Medical Things) components, and connected systems.
- Collaborate closely with development, compliance, and regulatory teams to ensure product security measures meet both internal security policies and external regulatory expectations.
- Support SBOM management, software supply chain risk evaluations, and third-party component analysis to maintain software transparency and mitigate risks.
- Provide expert input on secure communication protocols, encryption standards, data protection for both at-rest and in-transit data, and cloud-based connectivity of medical systems.
- Assist in developing incident response strategies and bring working knowledge of HIPAA, GDPR, and HL7 to address data privacy and healthcare-specific regulatory concerns.
- Contribute to the continuous enhancement of internal secure development processes, tools, and methodologies, while championing security best practices within product teams.
Required Skills and Qualifications:
- Minimum of 6 years of experience in cybersecurity, including at least 3 years focused on medical devices, embedded systems, or IoT security.
- Proven track record in authoring security design, defining technical requirements, and documenting security architectures aligned with regulatory needs.
- Hands-on experience in embedded system security including secure boot, firmware security, threat modeling techniques (e.g., STRIDE, DREAD), and product-level risk assessments.
- Strong understanding of IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97, along with working knowledge of the medical device product development lifecycle and quality standards like ISO 14971.
- Demonstrated expertise in vulnerability management and penetration testing of connected products across device and cloud ecosystems.
- Familiarity with data privacy and interoperability standards such as HIPAA, GDPR, and HL7 is highly desirable.
- Excellent problem-solving skills, critical thinking, and ability to lead gap analysis and remediation activities in regulated environments.
- Strong collaboration skills with the ability to influence cross-functional teams including R&D, compliance, and product management.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
0
0
0
Categories:
Compliance Jobs
Security Engineering Jobs
Tags: Cloud Compliance Encryption GDPR HIPAA HL7 Incident response IoT Pentesting Privacy Product security R&D Risk assessment SBOM Vulnerability management
Perks/benefits: Transparency
Region:
Asia/Pacific
Country:
India
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Specialist jobsInformation System Security Officer jobsSenior Security Analyst jobsSenior Cloud Security Engineer jobsSenior Cybersecurity Engineer jobsSystems Administrator jobsSystems Engineer jobsInformation Security Manager jobsSenior Information Security Analyst jobsSenior Network Security Engineer jobsIT Security Engineer jobsIT Security Analyst jobsCyber Security Specialist jobsChief Information Security Officer jobsSecurity Consultant jobsSecurity Specialist jobsInformation System Security Officer (ISSO) jobsSenior Cyber Security Engineer jobsInformation Systems Security Engineer jobsSenior Product Security Engineer jobsCyber Threat Intelligence Analyst jobsSenior Information Security Engineer jobsCyber Security Architect jobsSecurity Operations Analyst jobsThreat Intelligence Analyst jobs
Encryption jobsJava jobsBash jobsTS/SCI jobsEDR jobsIDS jobsThreat detection jobsSQL jobsSplunk jobsIPS jobsMalware jobsSDLC jobsTerraform jobsTop Secret jobsFinance jobsForensics jobsSOC 2 jobsRMF jobsDocker jobsIntrusion detection jobsActive Directory jobsCompTIA jobsGIAC jobsOWASP jobsITIL jobs
HIPAA jobsVPN jobsData Analytics jobsIT infrastructure jobsDoDD 8570 jobsOSCP jobsAnsible jobsTCP/IP jobsCRISC jobsSAP jobsUNIX jobsCCSP jobsBanking jobsMITRE ATT&CK jobsSOX jobsSOAR jobsClearance Required jobsSANS jobsJavaScript jobsZero Trust jobsNIST 800-53 jobsMachine Learning jobsEndpoint security jobsSecurity strategy jobsDNS jobs