Product Security Engineer (Medical Devices & Embedded Systems)

The Challenge

The Product Security Engineer will drive the implementation of enterprise Product Security strategy within the orthopedics portfolio. This role involves enhancing security processes, collaborating across teams, developing security metrics, and promoting security awareness.

Roles & Responsibilities

• Contribute to the global Product Security Framework and ensure embedded medical devices meet the highest security standards.
• Work with engineering, product management, and compliance teams to enhance security policies for medical device development and support.
• Develop and present security metrics to senior management, providing insights into security posture and progress.
• Ensure security measures align with regulatory requirements (FDA, 510k) and industry best practices.
• Identify, prioritize, and assist in remediating vulnerabilities across the product portfolio.
• Conduct due diligence, threat modeling, and risk assessments for both new and existing products.
• Guide teams on secure coding practices, code reviews, and best practices for embedded systems security.
• Address security-related inquiries, contractual requirements, and compliance standards.
• Lead security awareness initiatives and training sessions within the organization.
• Track and respond to new vulnerabilities in marketed devices, assisting with remediation and patching efforts.

Essential Skills & Qualifications

• Bachelor's degree in Computer Science, Engineering, or a related field (MS preferred).
• Minimum 6 years in security and/or embedded software engineering, preferably in regulated industries (medical devices is a plus).
• Expertise in real-time operating systems (e.g., QNX, Linux, Windows Embedded) and security hardening.
• Strong understanding of embedded systems security, secure software development, and vulnerability management.
• Experience with penetration testing, threat modeling, and security risk assessments.
• Proficiency in C, C++, C# with secure coding practices and code review experience.
• Familiarity with Software Bill of Materials (SBOM) and compliance implications.
• Knowledge of medical device security requirements, including FDA regulations, 510k submissions, and Quality Design Control.
• Experience with risk management frameworks and vulnerability remediation for medical devices.
• Strong collaboration skills with the ability to convey complex security concepts to non-technical stakeholders.
• Ability to influence cross-functional teams and drive security initiatives.
• Experience in developing and presenting security reports to senior management.

Preferred Certifications (Not Required)

• CISSP, CEH, MCSD, CSSLP or similar security certifications.

Additional Skills

• Knowledge of cloud-based IoT security is a plus.
• Strong problem-solving and strategic thinking abilities.