Product Security Engineer — Interventional Vascular Medical Device; Bedford, MA

Product Security Engineer — Interventional Vascular Medical Device (Bedford, MA)

We are seeking a Product Security Engineer to lead and execute the cybersecurity practices that protect our portfolio of medical devices used in interventional vascular procedures. Your work directly supports patient safety, regulatory compliance, and the integrity of life‑critical devices.

Define and govern the Secure Product Development Lifecycle (SPDLC) by authoring, maintaining, and improving SOPs and work instructions aligned with standards for medical devices. Ensure these processes support interventional vascular device development.

Drive implementation of SPDLC practices across engineering teams, embedding secure design, threat modeling, secure coding, and vulnerability management into daily workflows. Ensure teams are trained, equipped, and held accountable.

Continuously enhance security practices by integrating evolving tools, technologies, and industry standards. Keep the organization aligned with regulatory expectations and emerging threats.

Lead threat modeling, security risk assessments, and architecture reviews throughout the product lifecycle. Ensure risks are clearly documented, prioritized, and mitigated.

Support regulatory compliance and operational security by producing cybersecurity documentation, managing vulnerabilities and incidents, and collaborating cross‑functionally. Partner with R&D, quality, and regulatory teams to balance security, safety, usability, and time‑to‑market.

You bring 5+ years of experience in product/application security, embedded systems security, or a related engineering discipline as an individual contributor.

You have strong skills in secure development lifecycle (SDL) processes, threat modeling, secure coding, vulnerability assessment, and penetration testing; working knowledge of medical device cybersecurity standards (IEC 81001‑5‑1, AAMI TIR
57, FDA guidance, IEC 62304) and embedded/connected device constraints; bonus: experience in regulated medical device environments (ideally interventional vascular/cardiovascular), SBOM management, ISO 14971/13485 and 21 CFR 820, and embedded cryptography/secure boot/secure communications/key management.

You hold a Bachelor’s degree in Computer Science, Electrical/Biomedical Engineering, Cybersecurity, or a related field (or equivalent experience); bonus: security certifications such as CISSP, CSSLP, GIAC, or OSCP.

You demonstrate strong technical writing and regulatory documentation skills, translate standards into actionable engineering processes, collaborate cross‑functionally and influence without authority, and maintain a continuous‑improvement mindset with sound judgment balancing patient safety, security, and product delivery.

The pay band for this position in MA is $157,000 - $249,000. The actual base pay offered may vary within the posted ranges depending on job‑related knowledge/skills, experience, business needs, geographical location, and internal equity.

In addition, other compensation, such as an annual incentive bonus, sales commission or long‑term incentives, may be offered. Employees are eligible to participate in our comprehensive Philips Total Rewards benefits program, which includes generous PTO, 401(k) (up to 7% match), HSA (with company contribution), stock purchase plan, education reimbursement, and more.

US work authorization is a precondition of employment. The company will not consider candidates who require sponsorship for a work‑authorized visa, now or in the future.

Company relocation benefits will not be provided for this position. For this position, you must reside in or within commuting distance to Bedford, MA.

This requisition is expected to stay active for 45 days but may close earlier if a successful candidate is selected or business necessity dictates. Interested candidates are encouraged to apply as soon as possible to ensure consideration.

Philips is an Equal Employment and Opportunity Employer including Disability/Vets and maintains a drug‑free workplace.