Execute and document risk assessments of the cybersecurity stature of various subsystems and components within the Edison system
Guide product engineering teams to drive inherent risk remediation via documenting and implementing requirements and adoption of best practices to reduce residual risk and improve the cybersecurity stature of the Edison system
Support FDA premarket submissions by preparing cybersecurity documentation including risk management reports, threat model, MDS2 and cybersecurity whitepaper
Support cyber lifecycle management activities including vulnerability monitoring, assessment, and documentation needs
Maintain a positive, results-oriented work environment, building partnerships and modeling teamwork, communicating to team members in an open, balanced, and objective manner
Create/ maintain a clean, safe, and effective work environment.

8 years of combined professional experience in Information Security, Risk Management, and or/IT-centric cybersecurity roles is required
Bachelor’s degree in an engineering, science, or technical discipline preferred
Expertise with cybersecurity vulnerability analysis methodologies including CVSS is required
Expertise with cybersecurity methodologies for identifying design weaknesses is required (threat modeling/STRIDE, CWE)
Familiarity with cybersecurity, information security, and medical device standards regulations is required (HIPAA, FDA, ISO 27001)
Familiarity with methodologies for assessing cybersecurity residual risk is required (CVE analysis, review of technical design documentation, compensating controls analysis, CVSS MD rubric)
Relevant security certifications are preferred.
In-depth, systemic technical knowledge of complex, dynamic, and varying medical device systems.
Excellent written and verbal communication skills, with the ability to participate in engineering discussions.
Strong analytical, critical thinking, and problem-solving skills with an attention to detail.

Senior Product Security Engineer

Key skills