Product Security Engineer

Job description

Join a mission-driven team building secure, innovative medical diagnostic technologies that improve lives every day. Our Diagnostics Software Engineering (R&D) team is seeking a Lead Product Security Engineer with strong medical device or instrument security experience to serve as the cybersecurity SME for our Cytology R&D group.

 

In this role, you’ll drive secure-by-design principles, ensure compliance with FDA cybersecurity expectations, and embed robust security practices across the full product lifecycle—including post-market.

 

What You’ll Do

  • Monitor emerging threats and assess security risks across complex software, instrumentation, and connected systems.
  • Enhance secure-by-design practices and support secure architecture, documentation, and design controls.
  • Define security requirements and controls informed by use cases, threat models, and CVE analysis.
  • Lead risk assessments and Security Risk Management activities for vulnerabilities and design issues.
  • Support automated vulnerability scanning, SBOM accuracy, and continuous monitoring processes.
  • Collaborate closely with Product Engineering, DevSecOps, Regulatory, and Quality teams.
  • Guide secure update/patch management architecture and support incident response and root cause analysis.
  • Review code analysis results and third-party software evaluation reports.

 

Required experience:

  • Bachelor’s/Master’s in Computer Science, Cybersecurity, or related field.
  • 8–12+ years in product security or cybersecurity engineering.
  • Industry certifications (CISSP, Security+, etc.).
  • Strong communication and cross-functional collaboration skills.
  • Experience in FDA-regulated environments and deep familiarity with regulatory cybersecurity standards.
  • Proficiency with Windows OS, cloud environments, scripting (Python, PowerShell), and security frameworks/tools.

 

Preferred experience:

  • Supporting regulatory audits and FDA submissions with security documentation.
  • Working knowledge of FDA cybersecurity guidance and standards including ISO, IEC, NIST, AAMI, UL, HIPAA, GDPR, and others.
  • Translating cybersecurity requirements into product requirements and verification plans.
  • Penetration testing, continuous security testing frameworks, or automated test suites.