About The Position

At Foundation Medicine, we value our cybersecurity team as the first — and last — line of defense in protecting our sensitive data from cyberattack. The Software Quality Engineer is an experienced and vigilant Software Quality Professional who is responsible for ensuring that FMI software-enabled medical devices and software supporting the FMI quality system are compliant with the cybersecurity expectations of our patients, physicians, partners and regulators, and who prevents breaches of all sizes, understands when they occur, and takes immediate steps to remediate them. In this role, the Software Quality Engineer is the bridge between FMI Product Owners, Software Owners, Software Engineering, Information Technology, Data Privacy and Regulatory Affairs, ensuring "security by design" and data protection are embedded into the FMI Quality Management System (QMS). The role will lead efforts to implement a Secure Product Development Framework (SPDF) and prepare documentation to support premarket submissions (De Novo, PMA, 510(k)). This individual has an understanding of cybersecurity standards and certifications in regulated healthcare, extensive knowledge of how cybercriminals work, and determination to never allow them access.

Requirements

  • Bachelor’s degree (or equivalent) in information systems, information technology, or related field
  • 2+ years of experience in software quality assurance or cybersecurity at a midsize or large company in the healthcare or other regulated space.
  • Deep knowledge of IT, including hardware, software, and networks
  • Direct experience with regulatory or notified body cybersecurity submissions.
  • Experience with ISO 13485, IEC 62304 (Medical Device Software Lifecycle), and ISO 14971 (Risk Management).

Nice To Haves

  • Meticulous eye for detail and an ability to multitask in a fast-paced environment
  • Strong abilities in critical thinking, problem-solving, logic, and forensics
  • Excellent verbal and written communication skills
  • Ability to work successfully in both individual and team settings
  • Ability to think like a hacker in order to stay ahead of threats
  • Understanding of HIPAA and the importance of patient safety and data privacy regulations and guidelines
  • Commitment to reflect FMI’s values: Integrity, Courage, and Passion

Responsibilities

  • Provide guidance on QMS procedures to align with identified cybersecurity protection requirements, specifically integrating SPDF, threat modeling, and SBOM management into existing FMI Design Controls.
  • Review and approve comprehensive cybersecurity documentation for regulatory compliance, including Security Risk Management Reports, Threat Models, and Security Architecture views.
  • Ensure the development and maintenance of compliant, machine-readable SBOMs (e.g., SPDX or CycloneDX) for all software components, tracking vulnerabilities (CVEs) and managing supplier risks.
  • Collaborate with Product Owners, System Owners, Information Security and Data Privacy to conduct cybersecurity risk assessments.
  • Review and approve Cybersecurity and Data Protection requirements and verification results (vulnerability analysis, penetration testing) to ensure compliance with pre-determined acceptance criteria.
  • Support the development and implementation of a comprehensive post-market, software system cybersecurity vulnerability monitoring plan.
  • Review and approve SOPs for timely patching and updating of fielded devices.
  • Act as the subject matter expert (SME) advising FMI stakeholders on cybersecurity and data protection on medical device regulations, guidance, conformity and reference standards, and best practices during the entire Software Development Lifecycle (SDLC).
  • Support internal and external audits (FDA, Notified Bodies) regarding software validation and cybersecurity compliance.
  • Collaborate with Product Owners, System Owners, Information Security and Data Privacy in the identification, selection, onboarding and management of suppliers to ensure that suppliers are capable of meeting the cybersecurity and data protection requirements of FMI.
  • Maintain documentation of security guidelines, procedures, standards, and controls.

Benefits

  • A discretionary annual bonus may be available based on individual and Company performance.
  • This position also qualifies for Foundation Medicine’s benefits.