Product Security Engineer
Danta Technologies
Raritan · On-site Contract 3w ago
About the role
About
Product Security Engineering resource who has working knowledge of the MedTech industry and has worked on the deliverables that are part of FDA submissions.
Resource with the following experience
- Risk management tied to safety: apply ISO 14971 risk management principles and integrate security risks into safety analyses (FMEA/FMEDA, hazard analysis).
- Medical device software lifecycle: familiarity with IEC 62304 software lifecycle requirements and how security activities map to software safety classifications and documentation.
- Regulatory cybersecurity expectations: understanding of FDA premarket guidance for cybersecurity (or equivalent regional guidance).
- Threat modeling & attack surface analysis: experience using STRIDE or similar methods to identify and prioritize risks across hardware, firmware, software, cloud, and network interfaces.
- Secure architecture & design: can define secure-by-design controls (authentication, authorization, least privilege, data flow segmentation, fail-safe modes) and translate them into requirements and design patterns.
- Embedded/firmware security: knowledge of boot chain integrity, secure boot, signed firmware, hardware root of trust, secure key storage (TPM, secure element), and firmware update mechanisms.
- Cryptography fundamentals and applied crypto: proper use of TLS, certificate lifecycle, symmetric/asymmetric primitives, secure hashing, key management and avoiding cryptographic misuse.
- Vulnerability assessment & testing: static analysis (SAST), dynamic analysis (DAST), fuzzing, binary analysis, and hardware-oriented testing methods (side-channel, interface fuzzing).
- Penetration testing & red-team basics: able to plan and execute device-level and system-level penetration tests or coordinate with external testers; evaluate risk and produce remediation plans.
- Networking and protocols: understanding of TCP/IP, BLE, WiFi, MQTT, HL7/FHIR basics (if applicable), and secure configuration of network stacks and protocols.
- Software supply chain & SBOM: ability to generate and manage software bill of materials, track third-party components, and perform dependency vulnerability management.
- DevSecOps and CI/CD integration: integrating security checks into pipelines (SCA, SAST, secrets scanning, automated tests), release gating, and secure artifact handling.
Deliverables for FDA Submission
The resource would need to be able to author the following deliverables, including but not limited to, as part of the FDA submission:
- Product security plan
- Threat model
- Risk assessment
- Vulnerability assessment (preferably using CVSS 3.1 with MITRE rubric)
- MDS2
- White Paper
Benefits
Danta offers all W2 employees a compensation package that is competitive in the industry. It consists of competitive pay, the option to elect healthcare insurance (dental, medical, vision), major holidays, and paid sick leave as per state law.
Additional Information
The rate/salary range depends on numerous factors, including qualification, experience, and location.
Skills
BLE, CI/CD, CVSS, DAST, DevSecOps, FHIR, FMEA, FMEDA, Fuzzing, HL7, Hardware, ISO 14971, ISO 62304, IEC 62304, Medical Device, MITRE, MQTT, SAST, SCA, STRIDE, Secure Element, Software, TCP/IP, TPM, TLS, Threat Modeling, Vulnerability Management, WiFi