Senior Product Security Engineer

About The Position

Requirements

• Requires a Baccalaureate degree and minimum of 4 years of relevant experience OR Master's degree with a minimum of 2 years relevant experience OR PhD with 0 years relevant experience.
• For Baccalaureate degrees earned outside of the United States, a degree that satisfies the requirements of 8 C.F.R. § 214.2(h)(4)(iii)(A) is required.
• Possess unrestricted U.S. work authorization at the time of hire and for the duration of employment (for roles below Principal level).

Nice To Haves

• Deep experience working with engineering teams to integrate cybersecurity into real-time systems, embedded firmware, connected devices, or other product-level security contexts.

Responsibilities

• Stay abreast of emerging cybersecurity threats, technologies, and regulations specific to medical devices and health software.
• Contribute to OU and enterprise-wide product security strategy and roadmap development.
• Drive security integration into all stages of the product lifecycle, from concept and design to postmarket.
• Work closely with system architects, software leads, and hardware engineers to embed secure design patterns in both embedded and cloud-connected environments.
• Lead or contribute to threat modeling sessions, conduct security risk assessments, and identify mitigation strategies in accordance with IEC 81001-5-1, ISO 14971, and FDA premarket cybersecurity guidance.
• Collaborate on the design and implementation of secure architectures, focusing on secure boot, secure communications, data protection, access control, secure software updates, and hardware-software integration.
• Support and interpret results from vulnerability scans, penetration tests, and static/dynamic code analysis.
• Coordinate with internal teams and third-party vendors to ensure timely and appropriate risk mitigation.
• Promote a culture of security awareness within R&D and provide support to more junior engineers.
• Lead by example through documentation, review participation, and active knowledge sharing.
• Ensure alignment with applicable standards (e.g., NIST, IEC 60601-4-5, IEC 81001-5-1) and support security documentation efforts for global regulatory submissions.
• Review and assess the cybersecurity posture of third-party suppliers and open-source software components used within product designs.
• Support technical investigation and resolution of postmarket security incidents or field issues.
• Lead root cause investigations, containment strategies, and risk assessments.
• Maintain comprehensive security documentation, including threat model diagrams, risk assessments, shared service inventories, design patterns, security guidelines, and product security plans/reports.

Benefits

• Health, Dental and vision insurance
• Health Savings Account
• Healthcare Flexible Spending Account
• Life insurance
• Long-term disability leave
• Dependent daycare spending account
• Tuition assistance/reimbursement
• Simple Steps (global well-being program)
• Incentive plans
• 401(k) plan plus employer contribution and match
• Short-term disability
• Paid time off
• Paid holidays
• Employee Stock Purchase Plan
• Employee Assistance Program
• Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
• Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)