Product Security Engineer

Job Summary:

We are seeking a skilled and motivated Medical Device Product Security Engineer to join our cross-functional product development team. This role is responsible for ensuring that our medical devices are designed, developed, and maintained with the highest security standards. You will work closely with engineering, quality, IT, and regulatory teams to integrate security throughout the product lifecycle — from concept to post-market surveillance — ensuring compliance with global cybersecurity standards in healthcare.

Key Responsibilities:

SOUP Management: Identify and document SOUP (Software of Unknown provenance) components, including versioning, source, and intended functionality. Monitor and evaluate vulnerabilities in third-party libraries and open-source tools.

Threat Modeling & Risk Assessment: Conduct security risk assessments (including TARA - Threat Analysis and Risk Assessment), and vulnerability assessments across the product portfolio.

Vulnerability Management: Identify, track, and remediate vulnerabilities in coordination with internal teams and third-party vendors.

Secure Coding & Review: Support development teams with secure coding practices and conduct code reviews for security flaws.

Regulatory Compliance: Ensure compliance with relevant regulatory and industry frameworks (e.g., FDA Pre/Post market Cybersecurity Guidance, EU MDR, ISO/IEC 81001-5-1, ISO 14971, NIST 800-53/30, UL 2900).

Security Testing: Collaborate with internal and external testers for static and dynamic analysis, penetration testing, fuzzing, and other assessments.

Incident Response & Monitoring: Support product cybersecurity incident response planning, monitoring, and post-market surveillance activities.

Documentation: Produce clear and comprehensive documentation for regulatory submissions, audits, and internal security reviews.

Qualifications:

Required:

Bachelor’s or master’s degree in Cybersecurity, Computer Engineering, Biomedical Engineering, or a related field.

8+ years of experience in product security, preferably in medical devices, embedded systems, or regulated industries.

Solid understanding of cybersecurity principles, secure software development lifecycle (SSDLC), and risk management.

Experience with .

Familiarity with security assessment tools (e.g., Coverity).

Knowledge of regulatory cybersecurity frameworks relevant to medical devices.

Preferred:

Experience working with FDA cybersecurity requirements, ISO/IEC 81001-5-1, and SBOM generation.

Knowledge of IEC 62304, ISO 13485, ISO 14971, and other Medtech standards.

Key Skills:

Strong analytical and problem-solving skills

Excellent communication and documentation abilities

Team player with cross-functional collaboration experience

Strong attention to detail and regulatory mindset