Senior Product Security Engineer

About The Position

Requirements

• 8 years of combined professional experience in Information Security, Risk Management, and or/IT-centric cybersecurity roles is required.
• Bachelor’s degree in an engineering, science, or technical discipline preferred.
• In lieu of degree requirement: relevant technical, cybersecurity, or medical device on-job experience is considered.
• Expertise with cybersecurity vulnerability analysis methodologies including CVSS is required.
• Expertise with cybersecurity methodologies for identifying design weakness is required: (threat modeling/STRIDE, CWE)
• Familiarity with cybersecurity, information security, and medical device standards regulations is required: (HIPAA, FDA, ISO 27001)
• Familiarity with methodologies for assessing cybersecurity residual risk is required: (CVE analysis, review of technical design documentation, compensating controls analysis, CVSS MD rubric)
• In-depth, systemic technical knowledge of complex, dynamic, and varying medical device systems.
• Excellent written and verbal communication skills, with the ability to participate in engineering discussions.
• Strong analytical, critical thinking, and problem-solving skills with an attention to detail.

Nice To Haves

• Relevant security certifications are preferred.

Responsibilities

• Threat Modeling and Risk Assessment: Execute and document risk assessments of the cybersecurity stature of various subsystems and components within the Edison system, in partnership with cross-functional stakeholders and subject matter experts.
• Secure Design: Guide product engineering teams to drive inherent risk remediation via documenting and implementing requirements and adoption of best practices to reduce residual risk and improve the cybersecurity stature of the Edison system. Support development and documentation of verification plans to ensure control sufficiency. Analyze and document impact due to proposed changes.
• Regulatory Compliance: Support FDA premarket submissions by preparing cybersecurity documentation including risk management reports, threat model, MDS2 and cybersecurity whitepaper.
• Postmarket Compliance: Support cyber lifecycle management activities including vulnerability monitoring, assessment, and documentation needs.
• Maintain a positive, results-oriented work environment, building partnerships and modeling teamwork, communicating to team members in an open, balanced, and objective manner.
• Create/ maintain a clean, safe, and effective work environment.

Benefits

• We offer a comprehensive benefits package for full-time employees. This includes health, dental, and vision insurance, life, short-term and long-term disability insurance, 401(k), paid time off, and more.