Sr Product Security Engineer - Exempt

Cardiac Ablation Solutions (CAS) is seeking a Senior Product Security Engineer to join our R&D organization and help secure cardiac ablation medical device solutions. This role focuses on cybersecurity for medical devices and embedded systems. It is not an IT security, compliance, or GRC-focused position. The ideal candidate will bring strong experience partnering with engineering teams to integrate cybersecurity into real-time systems, embedded firmware, connected devices, and other product security contexts.

The selected candidate will support the integration of advanced cybersecurity controls, identify and mitigate vulnerabilities, and contribute to initiatives that improve cyber resilience across the product lifecycle. This person will serve as a technical subject matter expert, mentor others, collaborate across functions, and help drive long-term improvements in product security posture.

• Product Security - Implement security requirements across the medical device development lifecycle by partnering with cross-functional teams and applying best practices from design through deployment.
• Risk Assessment - Conduct threat modeling and vulnerability assessments to identify, prioritize, and help mitigate security risks throughout the product lifecycle.
• Security Architecture - Support the design and delivery of secure medical devices through implementation of capabilities such as secure boot, secure communications, data protection, software update mechanisms, system integration protections, and access controls.
• Security Standards - Apply medical device cybersecurity standards and guidance, including NIST, OWASP, and IEC 81001-5-1, and partner with development teams to strengthen security practices.
• Technical Leadership - Stay current on cybersecurity trends affecting medical devices and health software, share best practices, and help advance long-term product security strategy.

• Bachelor’s degree in engineering, computer science, computer engineering, or a related technical field with 4 years of experience; or an advanced degree with 2 years of relevant experience.

• Experience in embedded device security within a regulated industry.
• Strong understanding of cybersecurity concepts and frameworks such as NIST and OWASP.
• Working knowledge of secure software development lifecycle principles and security-by-design practices.
• Experience collaborating with engineering teams to identify and address product security risks.
• Familiarity with medical device cybersecurity standards and guidance, including IEC 81001-5-1, ISO 14971, and FDA premarket and post market cybersecurity guidance.
• Experience supporting FDA and other regulatory cybersecurity submissions.
• Experience with connected healthcare systems or cloud-connected medical devices.
• Security certifications such as CompTIA Security+, CISSP, or similar.

This exciting opportunity is based in Mounds View, MN, a vibrant community offering a great quality of life and a supportive environment for professionals. Join us and be a part of a team that is making a difference in healthcare technology.