CS
Product Security Engineer
Cynet Systems
Raritan · On-site Full-time $47 – $52/hr 1mo ago
About the role
Job Overview
Pay Range: $47hr - $52hr
Responsibilities
- Support product security activities for medical devices, including contributions to FDA submission deliverables.
- Apply ISO 14971 risk management principles and integrate cybersecurity risks into safety analyses such as FMEA, FMEDA, and hazard analysis.
- Align security activities with IEC 62304 software lifecycle requirements and safety classifications.
- Ensure compliance with FDA cybersecurity premarket guidance and other applicable regulatory standards.
- Perform threat modeling and attack surface analysis using methodologies such as STRIDE.
- Define and implement secure-by-design architecture including authentication, authorization, least privilege, and secure data flows.
- Design and evaluate embedded and firmware security controls including secure boot, signed firmware, root of trust, and secure key storage.
- Apply cryptographic best practices including TLS, certificate lifecycle management, and secure key handling.
- Conduct vulnerability assessments using SAST, DAST, fuzzing, and binary analysis techniques.
- Plan and execute penetration testing activities or coordinate with external security testing teams.
- Analyze and secure networking protocols including TCP/IP, BLE, Wi-Fi, MQTT, and healthcare standards such as HL7/FHIR.
- Manage software supply chain security including SBOM generation and dependency vulnerability tracking.
- Integrate security controls into DevSecOps pipelines including SCA, SAST, secrets scanning, and release gating.
- Develop and maintain required documentation for regulatory submissions.
Required Skills And Experience
- Strong experience in product security within the MedTech or medical device industry.
- Hands-on experience supporting FDA submissions and regulatory cybersecurity requirements.
- Knowledge of ISO 14971 risk management and IEC 62304 software lifecycle standards.
- Experience with threat modeling frameworks such as STRIDE.
- Expertise in secure architecture, embedded systems security, and cryptography.
- Experience in vulnerability assessment, penetration testing, and secure coding practices.
- Strong understanding of networking protocols and secure communications.
- Experience with DevSecOps practices and CI/CD pipeline security integration.
Deliverables
- Product Security Plan.
- Threat Model documentation.
- Risk Assessment reports.
- Vulnerability Assessment reports (CVSS 3.1 / MITRE framework preferred).
- Manufacturer Disclosure Statement for Medical Device Security (MDS2).
- Security White Papers and supporting documentation.
Preferred Qualifications
- Experience with healthcare data standards such as HL7/FHIR.
- Familiarity with hardware security testing and advanced attack techniques.
- Knowledge of global regulatory cybersecurity requirements.
Soft Skills
- Strong analytical and problem-solving skills.
- Excellent documentation and technical writing abilities.
- Strong communication skills with cross-functional teams and stakeholders.
- Detail-oriented with a focus on compliance and quality.
- Ability to manage multiple priorities in a complex, regulated environment.
Skills
BLECI/CDDASTDevSecOpsFHIRFMEAFMEDAFuzzingHazard analysisHL7IEC 62304ISO 14971MQTTSASTSTRIDESecure bootSecure codingSecure data flowsSecure key storageSecure-by-designSoftware lifecycleTCP/IPTLSThreat modelingVulnerability assessmentWi-Fi
Don't send a generic resume
Paste this job description into Mimi and get a resume tailored to exactly what the hiring team is looking for.
Get started free