Senior Principal Product Security Engineer
United States
Full Time
1 week ago
$128,000 - $176,000 USD
No H1B
Key skills
Cyber SecuritySDLCCollaboration
About this role
Role Overview
- Secure technology that saves lives
- Define and document the security architecture and cybersecurity posture of life‑critical medical products
- Lead threat modeling, interface analysis, and secure design reviews across product lines
- Author product security whitepapers, technical documentation, and regulatory‑facing materials
- Develop Manufacturer Disclosure Statements for Medical Devices (MDS²) and related artifacts
- Produce and interpret static code analysis and vulnerability assessment reports
- Partner with development teams on security requirements and policies
- Establish and drive governance around vulnerability management, from discovery through remediation
- Support incident response, investigation, and recovery efforts in collaboration with cross‑functional teams
- Use industry‑leading tools (e.g., Tenable Nessus, Fortify, Coverity) to identify, analyze, and mitigate risks
- Monitor and assess zero‑day threats and emerging vulnerabilities
- Participate in security planning, project scoping, and delivery of security initiatives
- Evaluate third‑party and off‑the‑shelf components to ensure secure use
Requirements
- Bachelor’s degree in Computer Science or a related technical field
- 8+ years of experience working within a secure software development life cycle (SSDLC)
- Strong understanding of application security across the full software life cycle
- Hands‑on experience developing, reviewing, or enforcing secure coding practices
- Familiarity with handling PHI and PII in regulated environments
- Experience with threat modeling methodologies such as STRIDE, DREAD, LINDDUN, or PASTA
- Proven ability to perform security risk assessments and clearly communicate risk and business impact
- Experience analyzing, documenting, and remediating software and system vulnerabilities
- Familiarity with industry standards and guidance including IEC TR 80001, NIST 800‑53, ISO/IEC 27001 & 27002 (preferred)
- Expertise in designing secure networks, systems, and application architectures
Tech Stack
- Cyber Security
- SDLC
Benefits
- Medical and dental coverage that start on day one
- Insurance coverage for basic life, accident, short-term and long-term disability, and business travel accident insurance
- Employee Stock Purchase Plan (ESPP)
- 401(k) Retirement Savings Plan (RSP), with options for employee contributions and company matching
- Flexible Spending Accounts
- Educational assistance programs
- Paid holidays
- Paid time off ranging from 20 to 35 days based on length of service
- Family and medical leaves of absence
- Paid parental leave
- Commuting benefits
- Employee Discount Program
- Employee Assistance Program (EAP)
- Childcare benefits