Skip to content
mimi

Product Security Engineer

Cynet Systems

Raritan · On-site Full-time $47 – $52/hr 1mo ago

About the role

Job Overview

Pay Range: $47hr - $52hr

Responsibilities

  • Support product security activities for medical devices, including contributions to FDA submission deliverables.
  • Apply ISO 14971 risk management principles and integrate cybersecurity risks into safety analyses such as FMEA, FMEDA, and hazard analysis.
  • Align security activities with IEC 62304 software lifecycle requirements and safety classifications.
  • Ensure compliance with FDA cybersecurity premarket guidance and other applicable regulatory standards.
  • Perform threat modeling and attack surface analysis using methodologies such as STRIDE.
  • Define and implement secure-by-design architecture including authentication, authorization, least privilege, and secure data flows.
  • Design and evaluate embedded and firmware security controls including secure boot, signed firmware, root of trust, and secure key storage.
  • Apply cryptographic best practices including TLS, certificate lifecycle management, and secure key handling.
  • Conduct vulnerability assessments using SAST, DAST, fuzzing, and binary analysis techniques.
  • Plan and execute penetration testing activities or coordinate with external security testing teams.
  • Analyze and secure networking protocols including TCP/IP, BLE, Wi-Fi, MQTT, and healthcare standards such as HL7/FHIR.
  • Manage software supply chain security including SBOM generation and dependency vulnerability tracking.
  • Integrate security controls into DevSecOps pipelines including SCA, SAST, secrets scanning, and release gating.
  • Develop and maintain required documentation for regulatory submissions.

Required Skills And Experience

  • Strong experience in product security within the MedTech or medical device industry.
  • Hands-on experience supporting FDA submissions and regulatory cybersecurity requirements.
  • Knowledge of ISO 14971 risk management and IEC 62304 software lifecycle standards.
  • Experience with threat modeling frameworks such as STRIDE.
  • Expertise in secure architecture, embedded systems security, and cryptography.
  • Experience in vulnerability assessment, penetration testing, and secure coding practices.
  • Strong understanding of networking protocols and secure communications.
  • Experience with DevSecOps practices and CI/CD pipeline security integration.

Deliverables

  • Product Security Plan.
  • Threat Model documentation.
  • Risk Assessment reports.
  • Vulnerability Assessment reports (CVSS 3.1 / MITRE framework preferred).
  • Manufacturer Disclosure Statement for Medical Device Security (MDS2).
  • Security White Papers and supporting documentation.

Preferred Qualifications

  • Experience with healthcare data standards such as HL7/FHIR.
  • Familiarity with hardware security testing and advanced attack techniques.
  • Knowledge of global regulatory cybersecurity requirements.

Soft Skills

  • Strong analytical and problem-solving skills.
  • Excellent documentation and technical writing abilities.
  • Strong communication skills with cross-functional teams and stakeholders.
  • Detail-oriented with a focus on compliance and quality.
  • Ability to manage multiple priorities in a complex, regulated environment.

Skills

BLECI/CDDASTDevSecOpsFHIRFMEAFMEDAFuzzingHazard analysisHL7IEC 62304ISO 14971MQTTSASTSTRIDESecure bootSecure codingSecure data flowsSecure key storageSecure-by-designSoftware lifecycleTCP/IPTLSThreat modelingVulnerability assessmentWi-Fi

Don't send a generic resume

Paste this job description into Mimi and get a resume tailored to exactly what the hiring team is looking for.

Get started free