Job description

The Medical Device Product Engineer will be responsible for the design, development, implementation, and lifecycle management of cybersecurity features and controls in our connected medical devices and digital health platforms. The position will work at the intersection of engineering, cybersecurity, regulatory compliance, and product management to ensure patient safety, data integrity, and regulatory compliance. The engineer will also work closely with quality and regulatory teams to align policies with medical device security standards. KEY RESPONSIBILITIES: Product Security Development: • Design and implement cybersecurity features across the device lifecycle, including secure boot, encryption, authentication, and secure firmware updates. • Perform threat modeling and security risk assessments for existing and new products. • Work with software, hardware, and cloud engineering teams to define security requirements. • Perform Security assessments and reporting on an ongoing basis of released products. Risk Management & Compliance: • Ensure compliance with relevant standards and regulations such as FDA Pre- and Post market Cybersecurity Guidance, ISO 14971, IEC 62304, ISO/IEC 27001, and NIST 800-53. • Author and maintain company SOPs regarding cybersecurity in the design process and IT infrastructure • Contribute to cybersecurity risk management files and participate in hazard analysis and risk mitigation processes. • Prepare documentation for regulatory submissions (e.g., FDA 510(k), EU MDR). Vulnerability Management: • Identify, assess, and track software and hardware vulnerabilities (e.g., CVEs). • Support incident response and post-market surveillance in coordination with QA/RA and IT security teams. • Define, implement, and enforce corporate security policies and best practices with existing or new tools • Create solutions for pre-existing and/or new security issues • Promptly respond to data security crises and documenting effectively Cross-functional Collaboration: • Serve as a cybersecurity subject matter expert (SME) for product development teams. • Provide input into product roadmaps to align cybersecurity and business priorities. • Conduct security reviews, training, and mentoring for engineers and QA staff. • Oversee any changes in facilities, software, hardware, user needs and telecommunications • Assist in the development of standard cost estimates and establish standard cost. Continuous Improvement: • Stay current on emerging threats, technologies, and best practices in medical device cybersecurity. • Lead or support internal security audits and assessments. • Ability to work cross-functionally in a team environment. • Ability to work flexible hours. • Ability to work in a regulated environment (FDA, ISO, OSHA). • Perform all other duties as assigned. QUALIFICATIONS Required: • Bachelor’s or Master’s degree in Computer Engineering, Cybersecurity, Biomedical Engineering, or related field. • 3–7 years of experience in product cybersecurity, preferably in the medical device or healthcare industry. • Strong understanding of embedded systems, IoT security, and secure software development practices. • Familiarity with regulatory frameworks and standards relevant to medical device cybersecurity. • Knowledgeable in medical industry related cybersecurity standards and procedures, including AAMI SW96, AAMI TIR57, AAMI TIR97. • Experience performing threat modeling, vulnerability assessment, and security risk assessment. • Technically knowledgeable of Good Cyber Security Practices relating to computer networks and systems • Security testing methodologies like penetration testing for creating secure network architecture. • Encryption, cryptography and application security technologies • Incident response • Enhance authentication, Identity and access management • Phishing, advanced persistent threats (APT) and social engineering • Must be able to lift approximately 50-75 lbs. occasionally. Preferred: • Experience with secure firmware/software development for Class II or III medical devices. • Knowledge of cloud security (e.g., AWS, Azure) in the context of digital health platforms. • Certifications such as CISSP, CEH, or GIAC. • Experience with secure SDLC methodologies and tools (e.g., static/dynamic code analysis, fuzz testing). Soft Skills: • Excellent analytical, communication, and documentation skills. • Strong problem-solving mindset with attention to detail. • Ability to work collaboratively in a multidisciplinary team environment. Why Join Us? • Help shape the future of healthcare technology and patient safety. • Work with a passionate team driving innovation in digital health and connected medical devices. • Enjoy a collaborative culture and opportunities for growth in a cutting-edge field.

Requirements