Lead Product Security Engineer - Medical Device; No C2C/No Sponsorship/No
Listed on 2026-02-07
Job categories: Engineering; IT/Tech; Cybersecurity; Systems Engineer
Overview
Job Title: Lead Product Security Engineer
Location: Hybrid - Marlborough, MA
Duration: 6+ Month Contract
Pay: $66-86/hr W2
No C2C/No Sponsorship/No 1099
Prior Experience Preferred
Responsibilities
- Participate in continuous improvement of our Secure by Design principles and implementation, ensuring adherence to security standards and best practices.
- Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.
- Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.
- Leverage industry-standard methodologies (e.g., STRIDE, PASTA) to apply threat modeling to our medical products.
About
Our Software Engineering (R&D) department in our Diagnostics division is looking for a Security Engineer experienced in medical device and/or instrument security and systems to join our team, a role pivotal in building and enhancing security in our products and services! As a Lead Product Security Engineer and the SME for our Cytology R&D team, you will be the key cybersecurity representative ensuring that our products meet industry standards and FDA requirements throughout the product lifecycle, including post-market.
Key responsibilities and applied experience required from a candidate:
- Support the creation and maintenance of security design documentation and architecture diagrams.
- Collaborate with cross-functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle.
- Define security requirements and controls based on specific use cases and threat models.
- Establish automated processes for vulnerability scanning and perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety, leveraging CVSS as the baseline.
- Work with cross-functional teams to ensure that SBOMs are correct and can be used as part of our continuous vulnerability monitoring process.
- Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports.
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related engineering equivalent.
- Minimum of 8-12 years of professional experience in product security/cybersecurity engineering.
- Strong interpersonal skills, with the ability to communicate cybersecurity concepts to a variety of audiences.
- Skilled in working within cross-functional groups.
- Skilled in risk assessment and management planning.
- Skilled in writing design documentation and standard operating procedures.
- Experience with Windows OS and Linux, including implementing system hardening, is required.
- Experienced in networking devices (e.g., switches, routers, firewalls) and protocols (e.g., TCP/IP).
- Expertise with security frameworks and testing tools, and how to incorporate the results of those into cybersecurity requirements for the Product Development team.
- Proficiency in scripting and simple test automation (e.g., PowerShell, Python).
Experiences that are advantageous to have:
- Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions.
- Thorough familiarity with FDA and other regulatory body Cybersecurity Guidelines and cybersecurity standards such as NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities.
- Assist in translating cybersecurity requirements into product requirements for new and existing product designs, as well as assisting with the definition of verifications for traceability.
- Assist with efforts to establish penetration testing suites for continuous testing and monitoring of our product solution.