Staff Product Security Engineer

iRhythm Technologies, Inc.
Remote

About The Position

We are seeking a Staff Product Security Engineer with proven experience in the medical device industry. In this role, you will safeguard medical devices by identifying, assessing, and mitigating security risks unique to healthcare technology. You will collaborate with cybersecurity, systems development, product development, product management, and quality and regulatory teams to ensure that security is embedded across the product development lifecycle (PDLC) and the secure software development lifecycle (SDLC), in alignment with FDA cybersecurity requirements.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or related field
  • 12+ years of experience in product security or related cybersecurity roles
  • Deep expertise in securing complex, software-driven and safety-critical systems
  • Strong knowledge of secure design, threat modeling, vulnerability management, and SDLC practices
  • Experience operating in regulated environments (FDA, HIPAA, GDPR)
  • Familiarity with frameworks such as NIST, ISO 14971, IEC 62304, and related standards
  • Proven ability to influence cross-functional teams and drive security outcomes
  • Experience with medical devices, healthcare technology, or IoMT systems

Nice To Haves

  • Professional certifications such as CISSP, CISM, CRISC
  • Experience with CI/CD security tooling (SAST, DAST, SCA) and shift-left practices
  • Familiarity with global regulatory standards (EU MDR, GDPR, ISO/IEC 81001-5-1)
  • Experience supporting SBOM programs and PSIRT operations
  • Understanding of penetration testing methodologies

Responsibilities

  • Provide senior-level cybersecurity leadership across product development, influencing secure design decisions at scale.
  • Drive adoption and continuous improvement of the Secure Product Development Framework (SPDF) and secure SDLC practices.
  • Translate complex cybersecurity risks into clear, actionable guidance for engineering and business stakeholders.
  • Ensure compliance with FDA cybersecurity guidance (including Section 524B) and global data privacy regulations (HIPAA, GDPR) in partnership with Regulatory, Quality, Privacy, and Cybersecurity teams.
  • Develop and maintain cybersecurity documentation to support pre- and post-market regulatory requirements.
  • Lead and mature cybersecurity risk management practices, including threat modeling, Cybersecurity Risk Assessments (CSRAs), and security design reviews.
  • Develop and maintain threat models and data flow diagrams, incorporating considerations for patient safety, data privacy, and system integrity.
  • Advise on and review secure architectures across embedded systems, applications, cloud, and IoMT platforms.
  • Participate in design reviews, providing actionable recommendations to strengthen system security requirements.
  • Oversee vulnerability management programs, including detection, scanning, remediation, and coordinated disclosure (PSIRT).
  • Leverage application security and threat detection tools (e.g., Veracode, Snyk, GitLab) to identify and address vulnerabilities early in the SDLC.
  • Support incident response and post-market monitoring, driving root cause analysis and preventive actions.
  • Oversee SBOM management, third-party risk, and software supply chain security, ensuring transparency and risk mitigation across components.
  • Partner closely with Product, R&D, Quality, Regulatory, Privacy, and Cloud teams to embed security throughout the product lifecycle and ensure alignment across stakeholders.

Benefits

  • Actual compensation may vary depending on job-related factors including knowledge, skills, experience, and work location.