Detailed Job Description:
Title: | Security Engineer |
Location: | Marlborough MA USA 01752 // San Diego California 92121 |
Duration: | 06 Months |
Pay rate: | For P4: Pay Rate range of $76.92 - $86.53/Hr on W2 without PTO; for P3: Pay Rate range of $60.10 - $69.71/Hr on W2 without PTO |
Work authorization: | //EAD |
Shift: | 1st |
Security Engineer
The 4 bullet points listed immediately below are Key Responsibilities of the "P4"/"Lead Level" role. In order to be considered for the P4 level role and corresponding rate range, candidates must have applied experience with the four bullet points listed.
If they do not have robust experience for the 4 bullet points below, we are open to considering them for "P3-level" role and corresponding rate range.
- Participate in continuous improvement of our Secure by Design principles and implementation, ensuring adherence to security standards and best practices.
- Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.
- Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.
- Leverage industry-standard methodologies to apply threat modeling to our medical products (e.g., STRIDE, PASTA).
Our Software Engineering (R&D) department in our Diagnostics division is looking for a Security Engineer experienced in medical device and/or instruments security and systems to join our team, pivotal in building and enhancing security in our products and services! As a Lead Product Security Engineer and the SME for our Cytology R&D team, you will be the key cybersecurity representative ensuring that our products are meeting industry standards and FDA requirements throughout the product lifecycle, including post-market. This is a hybrid role based out of either Marlborough, MA or San Diego, CA.
Key responsibilities and applied experience required from a candidate:
- Support the creation and maintenance of security design documentation and architecture diagrams.
- Collaborate with cross-functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle.
- Define security requirements and controls based on specific use cases and threat models.
- Establish automated processes for vulnerability scanning and perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety, leveraging CVSS as the baseline.
- Work with cross-functional teams to ensure that SBOMs are correct and can be used as part of our continuous vulnerability monitoring process.
- Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports.
Minimum Requirements:
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or related engineering equivalent.
- Minimum of 8 - 12 years of professional experience in product security/cybersecurity engineering.
- Strong interpersonal skills, with the ability to communicate cybersecurity concepts to a variety of audiences.
- Skilled in working within cross-functional groups.
- Skilled in performing Risk Assessment and Management plan.
- Skilled in writing design documentation and standard operating procedures.
- Experienced in Windows OS and Linux, including implementing system hardening, is required.
- Experienced in networking devices (e.g., switches, routers, firewalls) and protocols (e.g., TCP/IP).
- Expertise with security frameworks and testing tools, and how to incorporate the results of those into cybersecurity requirements for the Product Development team.
- Proficiency in scripting and simple test automation (e.g., PowerShell, Python).
Experiences that are advantageous to have:
- Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions.
- Thorough familiarity with FDA and other regulatory body Cybersecurity Guidelines and cybersecurity standards such as NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities.
- Assist in translating cybersecurity requirements into product requirements for new and existing product designs, as well as assisting with the definition of verifications for traceability.
- Assist with efforts to establish penetration testing suites for continuous testing and monitoring of our product solution.