Job
Description
We are seeking a skilled and proactive Medical Device Cybersecurity Engineer to join our team. This position plays a critical role in ensuring the cybersecurity and regulatory compliance of our connected medical devices throughout the product lifecycle. The ideal candidate has hands-on experience in threat modeling, managing third-party software components, performing vulnerability scans and penetration testing, and collaborating across cross-functional teams to integrate robust cybersecurity controls in accordance with FDA and global regulatory requirements. Key Responsibilities: Perform and maintain comprehensive threat modeling (e.g., STRIDE) for embedded and connected medical devices. Perform regular vulnerability scans, penetration testing , and static/dynamic analysis using tools such as Kali Linux, Metasploit, Wireshark, NMAP, Fortify, Nessus, or similar. Develop and update cybersecurity risk assessments as part of the overall risk management process (including CVSS scoring). Define, implement, and document security controls based on threat model outcomes. Manage and maintain Software Bill of Materials (SBOM) in compliance with FDA premarket and post-market guidance and global standards (e.g., NTIA, NIST). Support secure software development lifecycle (SDLC) practices including secure coding reviews. Conduct cybersecurity surveillance for new threats, advisories, CVEs, and zero-day vulnerabilities that may impact devices post-market. Triage and assess reported vulnerabilities, coordinate remediation and update documentation accordingly. Support preparation of cybersecurity documentation for FDA submissions (e.g., premarket submissions, 510(k), PMA) including security risk management reports and architecture diagrams. Ensure compliance with FDA applicable standards (e.g., ISO 14971, IEC 62304, ANSI/AAMI SW96:2023) Collaborate with Quality, Regulatory, and Engineering to ensure cybersecurity is integrated across the product lifecycle. Collaborate with software, hardware, and systems teams to guide cybersecurity design and testing. Qualifications Required: Bachelors or Masters degree in Computer Engineering, Cybersecurity, Electrical Engineering, or related field. 57 years of experience in embedded systems or medical device cybersecurity. Strong working knowledge of SBOM, SOUP, vulnerability scanning tools, penetration testing, and threat modeling methodologies. Familiarity with relevant regulations and standards (e.g., FDA Cybersecurity Guidance, NIST SP 800-53/30/218, ANSI/AAMI SW96:2023). Experience with secure development tools and CI/CD environments. Preferred: Certified Ethical Hacker (CEH), CISSP, CSSLP, or similar certification. Experience with connected devices (IoMT), wireless protocols (BLE, Wi-Fi), and cloud security principles. Familiarity with DevSecOps practices and security tools integration.
