Lead and personally execute cybersecurity activities across the product lifecycle, from concept through post‑market support.
Perform and review: Threat modeling and attack surface analysis, Secure architecture and design reviews, Security requirements definition and verification.
Manage and approve third-party penetration testing.
Partner with R&D to embed secure‑by‑design practices into hardware, firmware, software, cloud, and mobile components.
Guide secure development aligned with IEC 62304, ISO 14971, ISO 27001, and other regulatory cybersecurity expectations.
Integrate cybersecurity into design controls, software lifecycle processes, and system engineering practices.
Lead the product vulnerability management program, including: Vulnerability intake, triage, and risk assessment, Coordinated disclosure and remediation, CVE tracking and SBOM‑driven analysis.
Guide product cybersecurity incident response, including root cause analysis and corrective actions.
Support efforts to ensure monthly security testing runs successfully across products by supporting the integration of security tools through automation.
Lead cybersecurity contributions for FDA submissions (U.S.), EU MDR technical documentation, and other international markets as required.
Author and/or review cybersecurity documentation, including: Threat models and risk assessments, Cybersecurity sections of regulatory submissions, Security architecture and design artifacts.
Ensure alignment with FDA Cybersecurity Guidance, EU MDR and IEC 81001‑5‑1, ISO 14971 and IEC 62304, NIST Cybersecurity Framework and relevant global standards.
Lead, mentor, and grow a team of product cybersecurity engineers.
Balance hands‑on technical work with prioritization, planning, and delivery.
Establish clear, pragmatic cybersecurity processes, metrics, and accountability across product teams.
Requirements
Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related field.
8+ years of cybersecurity experience, with direct experience securing medical devices or SaMD.
3+ years of experience leading or mentoring cybersecurity or product security teams.
Strong hands‑on experience with: Secure software development, Embedded and/or cloud‑connected medical devices, Threat modeling and risk analysis.
Experience in healthcare and regulatory environments.
Experience supporting FDA submissions and regulatory audits (preferred).
Familiarity with SBOM standards (e.g., SPDX, CycloneDX) (preferred).
Knowledge of cloud security for regulated healthcare environments (preferred).
Familiarity with US Department of Defense (DoD) Authorization to Operate (ATO) (preferred).