Cybersecurity Engineer III

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit
- High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.

Boston Scientific’s Endoscopy Division is seeking a Cybersecurity Engineer III to join our Product Cybersecurity team. This is an exciting opportunity to work at the forefront of medical technology, supporting the development and maintenance of secure, connected medical devices and software. In this role, you will lead and support cybersecurity activities across the Endoscopy product portfolio—ensuring compliance with global standards and safeguarding patient and system data throughout the product lifecycle.

You will collaborate cross-functionally with R&D, Quality, Legal, and external partners to define, assess, and implement security controls for both pre-market and post-market products. This position blends technical depth with business acumen, offering you a chance to drive cybersecurity excellence in a highly regulated, mission-driven environment.

At Boston Scientific, we value collaboration and synergy. This role follows a hybrid work model requiring employees to be in our local office at least three days per week. Boston Scientific will not offer sponsorship or take over sponsorship of an employment visa for this position at this time. Relocation assistance is not available for this position at this time.

• Support pre-market cybersecurity efforts by assisting with threat modeling, documenting security requirements, and supporting vulnerability assessments.
• Conduct post-market security monitoring by gathering threat intelligence, reviewing vulnerability data, and evaluating potential product risks.
• Coordinate application security reviews and penetration testing activities; support product teams in tracking and mitigating identified vulnerabilities.
• Manage and support training programs for cybersecurity tools related to threat intelligence, application security, vulnerability assessments, and third-party risk.
• Collaborate with Legal and R&D to review technical clauses in hospital cybersecurity agreements.
• Maintain and update product inventory records, including technical controls and exception tracking, in partnership with product teams.
• Monitor for changes in product security controls and ensure database updates and stakeholder communication.
• Stay current with industry and regulatory standards, including FDA guidance, ISO/IEC 81001-5-1, and AAMI TIR
  57/TIR
  97, and apply them to daily practices.
• Act as a subject matter expert, providing deep technical insights into customer needs while influencing cybersecurity best practices across teams.
• Promote a diverse, inclusive workplace that enables full contribution toward organizational goals.
• May lead initiatives across functional areas, product groups, or projects, while ensuring compliance with company and regulatory policies.

• Bachelor’s degree or higher in a technical or related field.
• Minimum of 3 years' experience in Research & Development and/or Information Technology, with some focus on cybersecurity.
• Experience conducting vulnerability analysis for both Windows and Linux operating systems and related software.
• Familiarity with multiple operating systems, including Linux, Windows, and MacOS.
• General understanding of core cybersecurity techniques such as threat modeling, vulnerability assessments, and security testing methodologies.

• Cybersecurity certifications such as CEH, CISSP, or equivalent.
• Experience working in highly regulated industries (e.g., medical devices, aerospace, defense).
• Familiarity with tools used in threat intelligence, penetration testing, and software security analysis.
• Must be able to dive deep into technical customer needs and influence change where necessary.