Product Security Engineer - Medical Devices

Job description

Our Software Engineering (R&D) department in our Diagnostics division is looking for a Security Engineer experienced in medical device and/or instrument security and systems to join our team, a role pivotal in building and enhancing security in our products and services! As a Product Security Engineer, you will be the key cybersecurity representative ensuring that our products meet industry standards and FDA requirements throughout the product lifecycle, including post-market.

 

This is a hybrid role based out of either Marlborough, MA or San Diego, CA.

 

Key responsibilities and applied experience required from a candidate:

  • Support the creation and maintenance of security design documentation and architecture diagrams.
  • Collaborate with cross-functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle.
  • Define security requirements and controls based on specific use cases and threat models.
  • Establish automated processes for vulnerability scanning and perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety, leveraging CVSS as the baseline.
  • Work with cross-functional teams to ensure that SBOMs are correct and can be used as part of our continuous vulnerability monitoring process.
  • Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports.

 

Minimum Requirements:

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related engineering equivalent.
  • Minimum of 5-10+ years of professional experience in product security/cybersecurity engineering.
  • Strong interpersonal skills, with the ability to communicate cybersecurity concepts to a variety of audiences.
  • Skilled in working within cross-functional groups.
  • Skilled in performing risk assessments and producing risk management plans.
  • Skilled in writing design documentation and standard operating procedures.
  • Experience in Windows OS and Linux, including implementing system hardening, is required.
  • Experienced in networking devices (e.g., switches, routers, firewalls) and protocols (e.g., TCP/IP)
  • Expertise with security frameworks and testing tools, and how to incorporate the results of those into cybersecurity requirements for the Product Development team.
  • Proficiency in scripting and simple test automation (e.g., PowerShell, Python).

 

Preferred Experience:

  • Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions.
  • Thorough familiarity with FDA and other regulatory body Cybersecurity Guidelines and cybersecurity standards such as NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities.
  • Assist in translating cybersecurity requirements into product requirements for new and existing product designs, as well as assisting with the definition of verifications for traceability.
  • Assist with efforts to establish penetration testing suites for continuous testing and monitoring of our product solution.