Senior Product Security Engineer – Software

Senior Product Security Engineer – Software

Requirements

• Bachelor’s degree in Computer Engineering, Software Engineering, Computer Science, Electrical Engineering, Biomedical engineering, or related technical field.
• Minimum of 4 years of technical experience, or advanced degree with 2 years of technical experience.
• Previous experience as security engineer for software products.
• Experience in cybersecurity, threat modeling, security incident management, and contributing to proactive security strategies.
• Hands-on experience in developing, debugging, and troubleshooting SW issues.
• Experience working in agile software development teams.

Responsibilities

• Support and lead integration of security into the product development lifecycle, ensuring that security considerations are incorporated from design to deployment.
• Conduct threat modeling, security risk evaluations, and vulnerability assessments to identify and mitigate potential security risks throughout the product lifecycle.
• Contribute to the design and deployment of secure medical device architectures and product designs.
• Assist in maintaining and implementing security standards, policies, and procedures for medical device systems and product development.
• Contribute to promoting security awareness and assist in delivering training across cross-functional product development teams.
• Ensure compliance with industry standards and regulations related to medical device and health software product security, such as NIST, IEC 60601-4-5, IEC 81001-5-1, and others.
• Evaluate third-party vendors and suppliers for their security practices and ensure they meet our security requirements.
• Lead and support the effective response to security incidents, ensuring swift resolution, proper mitigation, and clear communication to stakeholders, including customers when needed.
• Maintain detailed documentation of security best practices, guidance, configurations, design patterns, shared service designs, inventories, incident response plans, security architectures, and reports.
• Participate in ongoing professional development to stay current with emerging cybersecurity trends and threats related to medical devices and health software products.

Preferred Qualifications

• Minimum 2 years of embedded device experience in a regulated industry.
• Security certifications (e.g. GSEC, CISSP, CISA, GCIH, CC).
• Bachelor’s degree in related engineering or cybersecurity from an accredited institution.
• Proficiency in secure coding practices and methodologies is highly desirable.
• Ability to adapt to the rapidly evolving cybersecurity landscape and contribute to proactive security strategies.
• Demonstrated ability to identify challenges and propose effective solutions.
• Experience working with junior engineers and willingness to provide guidance and mentorship.
• Familiarity with evolving regulations in the medical device sector and staying updated with relevant security standards.