Sr. Product Security Engineer; Medical Devices

Role:
Sr. Product Security Engineer (Medical Devices)

Location:
Burlington, MA (Hybrid - Onsite M/W/F required)

Employment Type:
Full-Time

Salary: $140,

About the Role

We are seeking a Senior Product Security Engineer to join our team in Burlington, MA. This is a highly technical, hands-on role focused on securing embedded medical devices across the full product lifecycle. You will play a key role in designing and implementing security architecture, working closely with firmware, software, and systems engineering teams to ensure products are secure by design and aligned with regulatory expectations.

This position sits within the broader GRC organization but operates as a deeply technical product security function, bridging engineering, security, and compliance.

• Design and define security architecture for embedded and connected medical devices
• Lead secure-by-design initiatives, including threat modeling and risk mitigation
• Develop and review security solutions for authentication, encryption, secure communications, and data protection
• Partner with engineering teams to embed security into the product lifecycle.

• Work closely with firmware and software teams to improve security of device components and interfaces
• Support OS and platform hardening (Windows/Linux-based systems)
• Ensure secure update mechanisms, integrity validation, and secure configurations.

• Manage and coordinate third-party penetration testing engagements
• Define testing scope, review findings, and drive remediation efforts
• Ensure security validation throughout design, development, and pre-market stages.

• Lead identification, tracking, and remediation of vulnerabilities across products
• Coordinate cross-functional response to security issues and disclosures
• Monitor third-party component risks and dependencies.

• Develop and implement security processes, standards, and SOPsHelp mature the organization’s product security program
• Ensure alignment with regulatory and internal security expectations.

• 7+ years of experience in cybersecurity, product security, or software engineering
• Strong experience in medical device security (REQUIRED)
• Proven background in security architecture and secure design for embedded or connected systems
• Experience working with cross-functional engineering teams (firmware, software, systems)
• Hands-on involvement in threat modeling, vulnerability management, and security testing
• Experience managing or working with third-party penetration testing vendors.

• Experience in regulated environments (FDA, healthcare, or similar)
• Knowledge of standards such as ISO 14971, IEC 81001-5-1, NIST, or similar frameworks
• Background in embedded systems, IoT, or device-level security
• Experience building or improving security processes and SOPs.

• High-impact role shaping security architecture for real-world medical devices
• Opportunity to work at the intersection of engineering, security, and regulatory compliance
• Direct influence on product security strategy and implementation
• Collaborative, cross-functional environment with strong engineering partnership.