Senior Product Security Engineer
United States
Full Time
2 hours ago
$87,892 - $149,656 USD
H1B Sponsor
Key skills
AWSCloudCyber SecuritySDLCCI/CDOWASPCloud Security
About this role
Role Overview
- Work directly with software, embedded, cloud, quality, and regulatory teams to ensure security is built into product design, development, release, and post-market operations
- Embed security into the medical device and SaMD SDLC, including secure design reviews, threat modeling, and security requirements definition
- Perform threat modeling and architecture reviews for device software and firmware, cloud-connected services and APIs, mobile and web applications supporting medical devices
- Define and validate security controls for authentication, authorization, encryption, and data protection in patient-impacting systems
- Partner with Quality and Regulatory teams to ensure cybersecurity requirements are documented, traceable, and auditable
- Secure AWS-hosted product backends supporting medical devices and SaMD
- Design and review security architectures using AWS services
- Implement product-focused logging, monitoring, and threat detection
- Integrate security testing into CI/CD pipelines, including SAST, DAST, dependency scanning, container scanning, and secrets detection
- Establish and maintain SBOM practices and third-party component governance for medical device software
- Define and enforce secure standards for container images, including hardening, scanning, signing, and runtime protections
- Support secure build, artifact signing, and release integrity controls
- Support product vulnerability intake, triage, and remediation across device software and cloud services
- Assist with vulnerability disclosure, security advisories, and post-market cybersecurity activities
- Collaborate with incident response teams to investigate and contain product-related security events
- Serve as the product security subject matter expert for engineering teams
- Mentor engineers and influence secure design decisions through practical guidance and standards
- Drive continuous improvement in product security maturity and resilience
Requirements
- 7+ years of experience in cybersecurity engineering with a strong focus on product and application security
- Direct experience securing medical devices, connected devices, or SaMD in a regulated healthcare environment.
- Strong understanding of: Secure SDLC and DevSecOps practices, Threat modeling methodologies, OWASP Top 10 and API security risks
- Hands-on experience with AWS cloud security in support of products and services.
- Familiarity with healthcare and product security frameworks, including NIST CSF/800-53 and ISO 27001.
- Ability to work effectively across Engineering, Quality, Regulatory, and Product teams.
Tech Stack
- AWS
- Cloud
- Cyber Security
- SDLC
Benefits
- 401(k) with up to a 6% employer match and no vesting period
- Employee stock purchase plan
- Flexible time off for salaried employees
- Accrual of three to five weeks’ vacation annually (based on tenure)
- Accrual of up to 64 hours (annually) of paid sick time
- Paid and/or floating holidays
- Parental leave
- Short
- and long-term disability insurance
- Tuition reimbursement
- Health and welfare benefits