Job
Description
We are seeking a seasoned Senior Security Engineer to lead the integration of cybersecurity practices throughout the medical device product lifecycle. The ideal candidate will have deep expertise in medical device security, regulatory compliance, and hands-on experience with embedded systems and IoMT devices. This role is pivotal in ensuring our products meet stringent security and regulatory standards while advancing innovation in healthcare technology. Key Responsibilities: Drive end-to-end cybersecurity integration from product concept through release, embedding security into the medical device development lifecycle. Develop and maintain comprehensive cybersecurity documentation including security requirements, risk assessments, threat modeling, and security architecture for medical products. Conduct gap assessments and ensure compliance with standards such as IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97, implementing remediation plans as needed. Perform vulnerability assessments, penetration testing, and secure code reviews on embedded devices, IoMT components, and connected medical systems. Collaborate cross-functionally with development, compliance, and regulatory teams to align security measures with internal policies and external regulations. Support Software Bill of Materials (SBOM) management, software supply chain risk analysis, and third-party component evaluations to enhance software transparency and reduce risk. Provide expertise on secure communication protocols, encryption techniques, data protection (both at-rest and in-transit), and cloud connectivity for medical systems. Assist in developing and refining incident response strategies, incorporating knowledge of HIPAA, GDPR, and HL7 to safeguard patient data and comply with healthcare regulations. Champion security best practices, continuously improve secure development processes, and mentor product teams to foster a strong security culture. Qualifications: 5 to 10 years of experience in cybersecurity, with a focus on medical device security and regulatory compliance. Strong knowledge of relevant standards and regulations: IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, AAMI TIR 97, HIPAA, GDPR, HL7. Hands-on expertise in vulnerability assessment, penetration testing, and secure code review for embedded/IoMT devices. Experience with software supply chain security, SBOM, and third-party risk management. Proficiency in cryptography, secure communications, and data protection best practices. Ability to work collaboratively across teams and communicate complex security concepts clearly. Relevant certifications (e.g., CISSP, CEH, GICSP) are a plus. Location: Ahmedabad or Pune Job Types: Full-time, Permanent Schedule: Day shift Ability to commute/relocate: Pune, Maharashtra: Reliably commute or willing to relocate with an employer-provided relocation package (Preferred) Experience: Senior Security β Medical Device: 5 years (Required) Work Location: In person
