Sr Product Security Engineer

Primary Talent Partners has a new contract opening for a Sr Product Security Engineer  with our medical device client in Mounds View, MN. This is a 12-month contract with a potential for extension.

Pay: $75.00 - $85.00/hr; W2 contract, no PTO, no Benefits. ACA-compliant supplemental package available for enrollment. Candidates must be legally authorized to work in the United States and must be able to sit on Primary Talent Partners W2 without sponsorship.


Description:
Cardiac Ablation Solutions (CAS) is seeking a Senior Product Security Engineer to join our R&D organization and help secure cardiac ablation medical device solutions.

This role focuses on cybersecurity for medical devices and embedded systems. It is not an IT security, compliance, or GRC-focused position. The ideal candidate will bring strong experience partnering with engineering teams to integrate cybersecurity into real-time systems, embedded firmware, connected devices, and other product security contexts.

The selected candidate will support the integration of advanced cybersecurity controls, identify and mitigate vulnerabilities, and contribute to initiatives that improve cyber resilience across the product lifecycle. This person will serve as a technical subject matter expert, mentor others, collaborate across functions, and help drive long-term improvements in product security posture.

Primary Responsibilities:

The Senior Product Security Engineer responsibilities include:

• Product Security - Implement security requirements across the medical device development lifecycle by partnering with cross-functional teams and applying best practices from design through deployment.
• Risk Assessment - Conduct threat modeling and vulnerability assessments to identify, prioritize, and help mitigate security risks throughout the product lifecycle.
• Security Architecture - Support the design and delivery of secure medical devices through implementation of capabilities such as secure boot, secure communications, data protection, software update mechanisms, system integration protections, and access controls.
• Security Standards - Apply medical device cybersecurity standards and guidance, including NIST, OWASP, and IEC 81001-5-1, and partner with development teams to strengthen security practices.
• Technical Leadership - Stay current on cybersecurity trends affecting medical devices and health software, share best practices, and help advance long-term product security strategy.

Minimum Qualifications:

• Bachelor''s degree in engineering, computer science, computer engineering, or a related technical field with 4+ years of experience

Preferred Qualifications:

• Experience in embedded device security within a regulated industry.
• Strong understanding of cybersecurity concepts and frameworks such as NIST and OWASP.
• Working knowledge of secure software development lifecycle principles and security-by-design practices.
• Experience collaborating with engineering teams to identify and address product security risks.
• Familiarity with medical device cybersecurity standards and guidance, including IEC 81001-5-1, ISO 14971, and FDA premarket and post-market cybersecurity guidance.
• Experience supporting FDA and other regulatory cybersecurity submissions.
• Experience with connected healthcare systems or cloud-connected medical devices.
• Security certifications such as CompTIA Security+, CISSP, or similar.

Top 3 skill sets required:

1. Product Security Engineering (Security by Design and Secure Software Development)
2. Threat Modeling
3. Risk Management / Vulnerability Assessment (CVSS)

Products (if any) will this role support
All CAS products, primarily:

• Affera
• PulseSelect PFA
• Nitron CryoConsole

Target years of experience:

• 5-10 years