Principal Cybersecurity Engineer
About The Position
The Principal Cybersecurity Engineer will define project-level cybersecurity requirements, design and develop security solutions to mitigate product cybersecurity risks. This role involves understanding medical device products and clinical applications to identify potential cybersecurity threats and develop mitigations. Responsibilities include performing threat modeling, vulnerability testing, security risk analysis, and security assessments. The engineer will review security architecture and designs, secure medical devices, medical device software, and IT software against cyber threats. This position also leads cybersecurity risk assessments and cyber signal incident responses and investigations, leads cross-functional teams, and coordinates strategic supplier and partner relationships.
Requirements
- Master’s in Cybersecurity, Computer Science, Telecommunications or closely related field
- 4 years of experience in cybersecurity-related position(s) in a medical device R&D environment
- Performing threat modeling of regulated medical devices using STRIDE
- Assessing cybersecurity risk to patient safety & Protected Health Information (PHI)
- Creating security designs & requirements based on user needs
- Applying security technologies to medical device product designs within software & hardware, including network security, encryption, firewalls and TPM
- Leading cross functional teams in reviewing security architecture and design
- Applying cybersecurity standards, including NIST CSF, NIST SP 800-30, AAMI TIR57 & AAMI TIR 97
- Applying data privacy standards, including HIPAA
- Creating documentation for regulatory submissions, including cybersecurity management plans, threat model reports, security risk & cyber signal assessments, MDS2 and SBOM
- Applying cybersecurity & secure design principles to medical device products in compliance with FDA Cybersecurity Guidance for Medical Devices
- Conducting security testing & vulnerability scanning using Burp suite, Wireshark and Nessus
- Analyzing findings with qualitative risk prioritization, including CVSS and OWASP
- Planning & overseeing penetration testing with third party testers
- Developing cybersecurity policies & procedures
Responsibilities
- Define project-level cybersecurity requirements
- Design & develop security solutions to mitigate product cybersecurity risks
- Understand medical device products & clinical applications to identify potential cybersecurity threats and develop mitigations
- Perform threat modeling, vulnerability testing, security risk analysis & security assessments
- Review security architecture & designs
- Secure medical devices, medical device software & IT software against cyber threats
- Lead cybersecurity risk assessments & cyber signal incident responses and investigations
- Lead cross-functional teams
- Coordinate strategic supplier & partner relationships
Benefits
- health care
- vision
- dental
- retirement
- PTO
- sick leave
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
