Sr II - Embedded Product Security Engineer

Arthrex, Inc. is a global medical device company and a leader in new product development and medical education. We are a privately held company that strives to accomplish our corporate mission of Helping Surgeons Treat Their Patients Better . We are committed to delivering uncompromising quality to the health care professionals who use our products, and ultimately, the millions of patients whose lives we impact.

Arthrex Benefits

Medical, Dental and Vision Insurance
Company-Provided Life Insurance
Voluntary Life Insurance
Flexible Spending Account (FSA)
Supplemental Insurance Plans (Accident, Cancer, Hospital, Critical Illness)
Matching 401(k) Retirement Plan
Annual Bonus
Wellness Incentive Program
Free, Onsite Medical Clinics
Free Lunch
Tuition Reimbursement Program
Trip of a Lifetime
Paid Parental Leave
Paid Time Off
Volunteer PTO
Employee Assistance Provider (EAP)

Please note, most benefits are for regular, full time employees.

All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other status protected by law.

Seeking Embedded Software Engineers with an interest in cybersecurity wanting a career that positively impacts people lives!!

Arthrex is a global medical device manufacturer, and our mission is Helping Surgeons Treat Their Patients Better . The right candidate for this role will have some experience securing and pen-testing embedded or IoT devices along with a background in electrical engineering or software system design. As our Sr II Embedded Product Security Engineer, your day-to-day would be assisting our product design and development teams in securing connected and IoT medical devices. You would take part in architecture reviews, grooming product security requirements, testing for vulnerabilities, and documenting the steps of our Secure Product Development Framework for use in regulatory submissions around the globe. You will have the opportunity to attend training for security certifications and go to events like H-ISAC Conferences, DEF CON, and Black Hat. And of course, you would get to help secure cutting-edge technology that has a positive impact in society!

This role will be supporting our teams on the west coast, so we are ideally looking for somone in the Pacific or Mountain time zones or soemone open to working durring that time of day.

Main Objective: Responsible for product software and hardware design implementations from a cybersecurity perspective, and identifying and resolving security issues, including the appropriate security analysis, defenses, and countermeasures at each phase of the product lifecycle, to result in robust and reliable products.

Essential Duties and Responsibilities:
* Designs security architecture of components or functional systems and modifies existing designs to develop or improve products.
* Recommends alterations to development and design to improve the security of products and/or procedures.
* Contributes to a broader design perspective and considers how an application interacts with the underlying infrastructure or external resources.
* Develops threat scenarios and designs responses for associated vulnerabilities to mitigate risk.
* Maintains design history file for assigned projects, adhering to Arthrex design control procedures.
* Determines the necessity of security testing and initiates testing of assigned products.
* Provides Regulatory department technical support for assigned projects as needed.
* Supports Marketing and Product Management with technical information to be used for training and marketing of assigned products.
* Supports Software Engineering to design and develop components, processes, and training using Security-by-Design and Privacy-by-Design principles.
* Supports surgeon and distributor customers in the sales process by educating and demonstrating security-focused aspects of assigned products as needed.
* Partner with Legal, Compliance, Privacy, and Information Security departments to ensure products and staff comply with required laws, regulations, and policies.
* Reports progress and status of assigned projects on a timely basis.
* May be required to travel; International travel may be required.


Knowledge:
* Complete understanding and application of principles, concepts, practices, and standards. Full knowledge of industry practices.


Skills:
* Knowledgeable of System and Software Development Processes and Lifecycles required.
* Knowledgeable of application security best practices required.
* Knowledgeable of FDA and ISO guidelines for the development of medical devices required.
* Experience leading strategic discussion that addresses both business and technical risks required.
* Proficiency in the development of threat scenarios and risk mitigation techniques required.
* Proficiency in the use of the privacy by design principle required.
* Strong Project management and communication skills preferred.
* Experience in web application security and controls concepts preferred.
* Experience in embedded system development, IoT lifecycle, real-time operating systems, firmware, RFID, CANbus, WiFi, or Bluetooth LE preferred.


Education/ Experience:
* 8 years of related experience
* Bachelor s degree required preferably in Engineering (Mechanical, Biomedical, Electrical or Software Engineering), Computer Science, Information Security, or Cybersecurity