Job Title: Medical Device Cybersecurity Engineer
Location: Cleveland, OH - Onsite
Duration: 6 Months
Must have: Medical Embedded Devices, VAPT (Hardware, Firmware), Design History File (DHF), Risk Management File (RMF) Documentation, Threat Modeling, SAST, DAST, SBOM and SOUP Analysis, SCA, FDA Regulations, 510(k), ISO 13485 and ISO 14971
Job Summary:
The Medical Device Cybersecurity Engineer is responsible for ensuring that medical device software, connected systems, and supporting infrastructure are designed, developed, and maintained in compliance with FDA cybersecurity requirements and applicable international standards. This role supports cybersecurity risk management activities across the medical device lifecycle, from design and development through post-market surveillance, and contributes to regulatory submissions and FDA inspections.
Key Responsibilities:
FDA & Regulatory Compliance
Ensure compliance with FDA medical device cybersecurity requirements, including FDA Premarket Cybersecurity Guidance and FDA Post-market Cybersecurity Guidance
Support cybersecurity content for 510(k) submissions, including:
Cybersecurity risk assessments
Threat model
Security architecture descriptions
Software Bill of Materials (SBOM)
Threat & Vulnerability Assessment
Maintain cybersecurity documentation within the Design History File (DHF) and Risk Management File (RMF).
Support FDA inspections, audits, and responses related to cybersecurity.
Design Controls & Risk Management
Perform cybersecurity risk management activities in accordance with ISO 14971.
Identify cybersecurity hazards that could lead to patient harm or device malfunction.
Define and implement cybersecurity risk controls and verify their effectiveness.
Ensure cybersecurity requirements are incorporated into design inputs, design outputs, and design verification and validation activities.
Support secure design reviews and change control processes.
Vulnerability Management & Post-market Surveillance
Monitor and assess cybersecurity vulnerabilities affecting medical devices, including third-party and open-source software.
Support coordinated vulnerability disclosure processes in alignment with FDA expectations.
Participate in post-market surveillance, complaint handling, and CAPA activities related to cybersecurity.
Support incident response activities and field corrective actions as needed.
Technical Security Responsibilities
Evaluate and implement security controls, including:
Authentication and authorization
Encryption and key management
Secure boot and firmware integrity
Logging and audit trails
Conduct or support penetration testing, threat modeling, and security testing.
Assess cybersecurity risks associated with cloud services, mobile applications, and networked medical devices.
Review supplier documentation related to cybersecurity and SBOMs.
Ensure supplier cybersecurity risks are documented and mitigated per quality system requirements.
Qualifications:
Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, Electrical Engineering, or related field.
Minimum 8 years of experience in cybersecurity, with experience in medical devices.
Demonstrated knowledge of:
FDA medical device cybersecurity guidance
ISO 13485 and ISO 14971
Experience with cybersecurity risk assessments and regulatory documentation.