Senior Product Security Engineer

Work Flexibility: Hybrid

What You Will Do:

• Support cybersecurity risk analysis and threat modeling and develop mitigation strategies to develop secure medical products.
• Work closely with cross-functional teams, including Quality, Regulatory, and Marketing, in driving alignment around product Cybersecurity, HIPAA, and GDPR compliance.
• Support or lead in all product hardware and software security facets, including systems hardening, automated and manual penetration testing, automated vulnerability scanning for compliance, and issue remediation.
• Lead manual and automated code reviews for complex embedded and clinical application software to identify security flaws.
• Develop and implement security policies and procedures to ensure compliance with industry standards.
• Automate routine tasks and extract valuable data using various scripting languages like PowerShell, Ruby, or Python.
• Lead cybersecurity documentation requests from legal and sales teams as needed.
• Support or lead incident response, V&E assessments and manage the resolution of security incidents.

What You Need:

Required Qualifications:

• Bachelor’s degree in software engineering/ computer science or related discipline & 3+ years of work experience.
• Understanding one or more security standards/frameworks like NIST 800-53, IEC80001-2-8, IEC 27002, ISO 27799, IEC 15408-2, and IEC 62443-3-3.
• Solid understanding of Linux operating systems.
• Experience in securing medical devices or embedded devices.
• Experience with threat modeling, VAPT and risk assessment.

Preferred Qualifications:

• Experience with security requirements, data security, malware analysis, vulnerability assessment, and penetration testing using off-the-shelf tools and techniques is preferred.
• Understanding of networking concepts.
• Understanding quality standards like IEC 62304, IEC 60601, and 21CRF 820.
• Security certifications such as CISSP-ISSAP, CCSP, OSC

Travel Percentage: 10%