Product Security Engineer
Cynet Systems
About the role
Job Title
Job Overview:
Pay Range: $47hr - $52hr

Responsibilities
• Support product security activities for medical devices, including contributions to FDA submission deliverables.
• Apply ISO 14971 risk management principles and integrate cybersecurity risks into safety analyses such as FMEA, FMEDA, and hazard analysis.
• Align security activities with IEC 62304 software lifecycle requirements and safety classifications.
• Ensure compliance with FDA cybersecurity premarket guidance and other applicable regulatory standards.
• Perform threat modeling and attack surface analysis using methodologies such as STRIDE.
• Define and implement secure-by-design architecture including authentication, authorization, least privilege, and secure data flows.
• Design and evaluate embedded and firmware security controls including secure boot, signed firmware, root of trust, and secure key storage.
• Apply cryptographic best practices including TLS, certificate lifecycle management, and secure key handling.
• Conduct vulnerability assessments using SAST, DAST, fuzzing, and binary analysis techniques.
• Plan and execute penetration testing activities or coordinate with external security testing teams.
• Analyze and secure networking protocols including TCP/IP, BLE, Wi-Fi, MQTT, and healthcare standards such as HL7/FHIR.
• Manage software supply chain security including SBOM generation and dependency vulnerability tracking.
• Integrate security controls into DevSecOps pipelines including SCA, SAST, secrets scanning, and release gating.
• Develop and maintain required documentation for regulatory submissions.

Required Skills And Experience
• Strong experience in product security within the MedTech or medical device industry.
• Hands-on experience supporting FDA submissions and regulatory cybersecurity requirements.
• Knowledge of ISO 14971 risk management and IEC 62304 software lifecycle standards.
• Experience with threat modeling frameworks such as STRIDE.
• Expertise in secure architecture, embedded systems security, and cryptography.
• Experience in vulnerability assessment, penetration testing, and secure coding practices.
• Strong understanding of networking protocols and secure communications.
• Experience with DevSecOps practices and CI/CD pipeline security integration.

Deliverables
• Product Security Plan.
• Threat Model documentation.
• Risk Assessment reports.
• Vulnerability Assessment reports (CVSS 3.1 / MITRE framework preferred).
• Manufacturer Disclosure Statement for Medical Device Security (MDS2).
• Security White Papers and supporting documentation.

Preferred Qualifications
• Experience with healthcare data standards such as HL7/FHIR.
• Familiarity with hardware security testing and advanced attack techniques.
• Knowledge of global regulatory cybersecurity requirements.

Soft Skills
• Strong analytical and problem-solving skills.
• Excellent documentation and technical writing abilities.
• Strong communication skills with cross-functional teams and stakeholders.
• Detail-oriented with a focus on compliance and quality.
• Ability to manage multiple priorities in a complex, regulated environment.