eNGINE builds Technical Teams and is hiring a Senior Product Security Engineer to secure real-world, life-saving medical devices. The role involves embedding security into the design and development of connected medical devices, ensuring compliance with global standards while advancing security practices.
Responsibilities:
- Lead and execute product security engineering activities across the full development lifecycle for network-connected embedded medical devices
- Perform hands-on security work including triage, scripting, testing, and validation of product security controls
- Drive threat modeling initiatives and guide teams in identifying and mitigating risks in both new and existing products
- Support Software Bill of Materials (SBOM) and VEX vulnerability management, including tooling and process improvements
- Implement and support Coordinated Vulnerability Disclosure (CVD) processes
- Partner with engineering teams to design and integrate security controls, including encryption, authentication, and access controls
- Develop and maintain traceability artifacts and documentation required for regulatory submissions
- Support FDA cybersecurity requirements and approval processes, including pre- and post-market guidance
- Collaborate with cross-functional teams to produce risk assessments, security test reports, and mitigation strategies
- Stay current on emerging threats, technologies, and regulatory requirements, and share insights across the organization
- Contribute to and maintain secure development policies and standards
Requirements:
- Hands-on product security engineering experience—ideally working with physical or embedded devices (medical device experience strongly preferred)
- Proven experience navigating FDA regulatory frameworks and participating in FDA approval processes
- Strong background in embedded systems and embedded Linux environments
- Solid understanding of networking fundamentals, including TCP/IP, secure communications, and certificate-based systems
- Experience using Python for scripting, automation, or lightweight tooling
- Familiarity with application security and testing tools (SAST, DAST, IAST, OSS scanning, fuzzing, etc.)
- Deep knowledge of industry security frameworks and standards, including FDA Pre- and Post-Market Cybersecurity Guidance, IEC 62304, TIR57, NIST Cybersecurity Framework, and global regulations (EU MDR, NMPA, etc.)
- Bachelor's degree in Computer Science, Electrical/Computer Engineering, or related discipline
- 5+ years of experience in cybersecurity, with a focus on medical devices or healthcare technology
- 5+ years of product security experience
- Comfortable working EST hours
- Comfortable with quarterly travel to Pittsburgh, PA (reimbursed)
- Ability to bridge engineering and regulatory worlds, effectively communicating with both developers and FDA auditors
- Strong bias toward hands-on execution, not just policy or oversight
- Experience building scalable security processes for high-impact, regulated products
- Passion for improving security in life-critical systems