Senior Cyber SecurityEngineer

Additional Location(s):

US-MN-Arden Hills

At Boston Scientific, we give you the opportunity to harness all that is within you by working in teams of diverse and high‑performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we help you advance your skills and career. Here, you will be supported in progressing—whatever your ambitions.

Boston Scientific is seeking a Product Cybersecurity Engineer to lead and support critical post‑market cybersecurity activities within the Cardiac Rhythm Management (CRM) Research and Development (R&D) organization. This role focuses on operationalizing security processes and ensuring compliance with quality systems while maintaining the security posture of the company’s products, applications and supporting infrastructure. The engineer will also assist in implementing cybersecurity plans for individual CRM products.

This role follows an onsite work model. Employees are expected to work from our Arden Hills, MN office at least four days per week. Boston Scientific will not offer sponsorship or take over sponsorship of an employment visa for this position. Relocation assistance is not available for this position.

• Support and manage applicable tools for pre‑ and post‑market security testing, and support integration of the tools into the quality processes.
• Support post‑market activities to identify known/unknown vulnerabilities associated with Boston Scientific’s products, including new and sustaining products, and provide inputs/technical expertise to multiple teams to eliminate or mitigate identified cybersecurity risks.
• Monitor changes in security controls of products, update the product inventory and tracking database as needed, and communicate to stakeholders.
• Support negotiations of hospital cybersecurity agreements by reviewing technical clauses with Legal and Research & Development subject‑matter experts.
• Support, as needed, security risk assessment and threat modelling services for CRM products businesses and the product development life cycle.
• Support, as needed, application security reviews and vulnerability/penetration testing of Boston Scientific’s medical devices and software.

Required qualifications:

• Bachelor’s degree or higher
• 8+ years of Research & Development or Information Technology experience, preferably in cybersecurity roles in medical device development or healthcare organizations.
• Drive for learning cybersecurity and a passion for securing products.
• Experience with vulnerability analysis of Windows and Linux operating systems as well as software.
• Experience across various OS platforms such as Windows, macOS, Linux, and mobile (iOS, Android).
• General understanding of cybersecurity techniques, controls, and methodologies from frameworks such as NIST Special Publications and ISO standards.

Preferred qualifications:

• Cybersecurity certifications (e.g., Network+, Security+, CSSLP, HCISPP, CEH, CISSP) a plus.

Minimum Salary: $85,000

Maximum Salary: $161,500

Boston Scientific Corporation has been and will continue to be an equal opportunity employer. To ensure full implementation of its equal employment policy, the Company will continue to take steps to assure that recruitment, hiring, assignment, promotion, compensation, and all other personnel decisions are made and administered without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, gender expression, veteran status, age, mental or physical disability, genetic information or any other protected class.

For certain U.S. based positions, including but not limited to field sales and service positions that call on hospitals and/or healthcare centers, acceptable proof of COVID-19 vaccination status may be required. This role, which is deemed safety‑sensitive, will also require a prohibited substance test as a requirement. Candidates will be notified during the interview and selection process if the role(s) for which they have applied require proof of vaccination or a safety‑sensitive test as a condition of employment.