Job Description: Senior Security Engineer – Medical Device Cybersecurity & Compliance. Experience Level: 5-10 years.
Job Responsibility:
Drive end-to-end cybersecurity integration across the medical device product development life cycle
Develop and maintain cybersecurity for medical products, including security requirements specifications, risk assessments, threat models, and product security architecture documentation
Conduct thorough gap assessments to evaluate compliance with IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97 standards, and implement remediation measures
Perform hands-on vulnerability assessments, penetration testing, and secure code reviews of embedded devices, IoMT components, and connected systems
Collaborate closely with development, compliance, and regulatory teams to ensure product security measures meet both internal security policies and external regulatory expectations
Support SBOM management, software supply chain risk evaluations, and third-party component analysis
Provide expert input on secure communication protocols, encryption standards, data protection for both at-rest and in-transit data, and cloud-based connectivity of medical systems
Assist in developing incident response strategies
Contribute to the continuous enhancement of internal secure development processes, tools, and methodologies, while championing security best practices within product teams
Requirements:
Minimum of 6 years of experience in cybersecurity
At least 3 years focused on medical devices, embedded systems, or IoT security
Proven track record in authoring security designs, defining technical requirements, and documenting security architectures aligned with regulatory needs
Hands-on experience in embedded system security including secure boot, firmware security, threat modeling techniques (e.g., STRIDE, DREAD), and product-level risk assessments
Strong understanding of IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97
Working knowledge of the medical device product development lifecycle and quality standards like ISO 14971
Demonstrated expertise in vulnerability management and penetration testing of connected products across device and cloud ecosystems
Excellent problem-solving skills, critical thinking, and ability to lead gap analysis and remediation activities in regulated environments
Strong collaboration skills with the ability to influence cross-functional teams including R&D, compliance, and product management
Nice to have:
Familiarity with data privacy and interoperability standards such as HIPAA, GDPR, and HL7