Manager, Product Cybersecurity
United States
Full Time
1 hour ago
$121,286 - $206,517 USD
H1B Sponsor
Key skills
CloudCyber SecurityRMentoringPenetration TestingCloud Security
About this role
Role Overview
- Lead and personally execute cybersecurity activities across the product lifecycle, from concept through post‑market support.
- Perform and review: Threat modeling and attack surface analysis, Secure architecture and design reviews, Security requirements definition and verification.
- Manage and approve third-party penetration testing.
- Partner with R&D to embed secure‑by‑design practices into hardware, firmware, software, cloud, and mobile components.
- Guide secure development aligned with IEC 62304, ISO 14971, ISO 270001, and other regulatory cybersecurity expectations.
- Integrate cybersecurity into design controls, software lifecycle processes, and system engineering practices.
- Lead the product vulnerability management program, including: Vulnerability intake, triage, and risk assessment, Coordinated disclosure and remediation, CVE tracking and SBOM‑driven analysis.
- Guide product cybersecurity incident response, including root cause analysis and corrective actions.
- Support efforts to ensure monthly security testing is running successfully across products through support integration of security tools through automation.
- Lead cybersecurity contributions for FDA submissions (U.S.), EU MDR technical documentation, and other international markets as required.
- Author and/or review cybersecurity documentation, including: Threat models and risk assessments, Cybersecurity sections of regulatory submissions, Security architecture and design artifacts.
- Ensure alignment with FDA Cybersecurity Guidance, EU MDR and IEC 81001‑5‑1, ISO 14971 and IEC 62304, NIST Cybersecurity Framework and relevant global standards.
- Lead, mentor, and grow a team of product cybersecurity engineers.
- Balance hands‑on technical work with prioritization, planning, and delivery.
- Establish clear pragmatic cybersecurity processes, metrics, and accountability across product teams.
Requirements
- Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related field
- 8+ years of cybersecurity experience, with direct experience securing medical devices or SaMD.
- 3+ years of experience leading or mentoring cybersecurity or product security teams.
- Strong hands‑on experience with: Secure software development, Embedded and/or cloud‑connected medical devices, Threat modeling and risk analysis
- Experience in healthcare and regulatory environments.
- Experience supporting FDA submissions and regulatory audits (preferred).
- Familiarity with SBOM standards (e.g., SPDX, CycloneDX) (preferred).
- Knowledge of cloud security for regulated healthcare environments (preferred).
- Familiarity with US Department of Defense (DoD) Authorization to Operate (ATO) (preferred).
- Relevant certifications (e.g., CISSP, CSSLP, HCISPP) (preferred).
Tech Stack
- Cloud
- Cyber Security
Benefits
- 401(k) with up to a 6% employer match and no vesting period
- Employee stock purchase plan
- Flexible time off for salaried employees
- Accrual of three to five weeks’ vacation annually (based on tenure)
- Accrual of up to 64 hours (annually) of paid sick time
- Paid and/or floating holidays
- Parental leave
- Short
- and long-term disability insurance
- Tuition reimbursement
- Health and welfare benefits