Medical Device Cybersecurity Engineer.

Job Title: Medical Device Cybersecurity Engineer.
Location: Cleveland, OH
Contract: 6+ Months

Must have : Medical Embedded Devices, VAPT (Hardware, Firmware), Design History File (DHF), Risk Management File (RMF) Documentation, Threat Modeling, SAST, DAST, SBOM and SOUP Analysis, SCA, FDA Regulations, 510K, ISO 13485 and ISO 14971

Job Summary:

The Medical Device Cybersecurity Engineer is responsible for ensuring that medical device software, connected systems, and supporting infrastructure are designed, developed, and maintained in compliance with FDA cybersecurity requirements and applicable international standards. This role supports cybersecurity risk management activities across the medical device lifecycle, from design and development through post-market surveillance, and contributes to regulatory submissions and FDA inspections.

Key Responsibilities:

FDA & Regulatory Compliance

• Ensure compliance with FDA medical device cybersecurity requirements, including FDA Premarket Cybersecurity Guidance and FDA Post-market Cybersecurity Guidance
• Support cybersecurity content for 510(k) including:
  • Cybersecurity risk assessments
  • Threat model
  • Security architecture descriptions
  • Software Bill of Materials (SBOM)
  • Threat & Vulnerability Assessment
• Maintain cybersecurity documentation within the Design History File (DHF) and Risk Management File (RMF).
• Support FDA inspections, audits, and responses related to cybersecurity.

Design Controls & Risk Management

• Perform cybersecurity risk management activities in accordance with ISO 14971.
• Identify cybersecurity hazards that could lead to patient harm or device malfunction.
• Define and implement cybersecurity risk controls and verify their effectiveness.
• Ensure cybersecurity requirements are incorporated into design inputs, design outputs, and design verification and validation activities.
• Support secure design reviews and change control processes.

Vulnerability Management & Post-market Surveillance

• Monitor and assess cybersecurity vulnerabilities affecting medical devices, including third-party and open-source software.
• Support coordinated vulnerability disclosure processes in alignment with FDA expectations.
• Participate in post-market surveillance, complaint handling, and CAPA activities related to cybersecurity.
• Support incident response activities and field corrective actions as needed.

Technical Security Responsibilities

• Evaluate and implement security controls, including:
  • Authentication and authorization
  • Encryption and key management
  • Secure boot and firmware integrity
  • Logging and audit trails
• Conduct or support penetration testing, threat modeling, and security testing.
• Assess cybersecurity risks associated with cloud services, mobile applications, and networked medical devices.

• Review supplier documentation related to cybersecurity and SBOMs.

Ensure supplier cybersecurity risks are documented and mitigated per quality system requirements.

Qualifications:

• Bachelor s degree in Cybersecurity, Computer Science, Software Engineering, Electrical Engineering, or related field.
• Minimum 8 years of experience in cybersecurity, with experience in medical devices.
• Demonstrated knowledge of:
  • FDA medical device cybersecurity guidance
  • ISO 13485 and ISO 14971
• Experience with cybersecurity risk assessments and regulatory documentation.