Principal Software Cybersecurity Engineer

TransMedics, Inc., Andover, MA

About The Position

We are currently seeking a talented and driven Principal Software Cybersecurity Engineer to join our team. The Principal Cybersecurity Engineer – Software will have the opportunity to contribute to the life cycle of secure embedded and digital software applications that preserve donated hearts, lungs, livers, and other organs on the OCS.

Requirements

  • BS/MS in Computer Science, Computer Engineering, or equivalent combination of education and experience.
  • 10+ years of related experience in real-time embedded software, digital clinical software, medical device development, or product cybersecurity.

Nice To Haves

  • Experience in implementing security controls and features in firmware and embedded software, such as secure boot, cryptographic services, and secure data storage.
  • Experience in implementing protections for sensitive data stored on or transmitted by embedded devices.
  • Experience in implementing digital signatures to verify the authenticity and integrity of data.
  • Experience in applying secure hashing and generating and managing cryptographic keys.
  • Experience in employing secure communication protocols like TLS/SSL.
  • Experience in medical device security risk assessment, evaluation, and control.
  • Experience in preparing and maintaining SBOM
  • Familiarity with OWASP MASVS and mobile/web application security best practices
  • Familiarity with SAST/SCA tools such as SonarQube (preferred)
  • AWS Certified Security - Specialty certificate or experience with AWS security-related services such as GuardDuty, IAM, Security Hub, and WAF
  • Knowledge of relevant cybersecurity regulations and guidelines (FDA pre-market and post-market guidance, section 2.4b CFR, IEC 81001-5-1, IEC 62443-4-1, JSP 2.0).
  • Knowledge of cybersecurity relevant methods and tools (threat modeling, STRIDE, static/dynamic code analysis, system hardening, penetration testing, etc.).
  • Understanding of post-market surveillance, vulnerability disclosure, CVEs, and incident response in regulated environments.
  • Medical device software development experience with compliance to IEC-62304, IEC-82304, and FDA guidelines is a plus.
  • Knowledge of regulatory and industry standards (e.g., NIST CSF, ISO 27001, IMDRF, EU MDR).
  • Must be team-oriented with outstanding interpersonal and communication skills (written and verbal).
  • Must be detail-oriented and highly organized.

Responsibilities

  • Work with relevant stakeholders to determine customer needs for secure embedded and digital software applications
  • Elicit cybersecurity software requirements to support customer needs
  • Perform end-to-end system security risk analysis activities
  • Perform threat modeling, vulnerability assessments, pen tests, and static/dynamic analysis (SAST/DAST)
  • Ensure regulatory compliance with FDA pre-market/post-market guidelines, NIST SP 800-series, IEC 62304, and ISO 14971
  • Implement cryptographic controls, secure boot, authentication, and hardened operating systems
  • Create software requirement specs, risk assessments, and secure architecture designs
  • Manage Software Bill of Materials (SBOM) to analyze third-party component risks
  • Support patching and remediation of security vulnerabilities on connected devices
  • Participate in cybersecurity assessment and ensure a secure architecture and design
  • Develop and maintain software development procedures per regulatory standards, e.g., FDA guidance, IEC 62304
  • Support quality audits and the development of FDA submissions
  • Perform other TransMedics tasks and duties as assigned/required.

Benefits

  • Medical with Health Reimbursement Account through Blue Cross/Blue Shield of MA
  • Dental
  • Vision
  • Healthcare Flexible Spending Account
  • Dependent Care Flexible Spending Account
  • Short Term Disability
  • Long Term Disability
  • 401K Plan
  • Pet insurance
  • Employee Stock Purchase Plan