Job Details

Can you please confirm your top 3 skills sets required?

1. 1. Product Security Engineering (Security by Design and Secure Software Development)
   2. Threat Modeling
   3. Risk Management / Vulnerability Assessment (CVSS)

Can you please confirm the 3 main responsibilities/day to day activities required for this role?

1. 1. See top 3 skills

What is your target years of experience?  5-10 

_______________________________________________________________________________________________________

Position Description

The Cardiac Ablation Solutions (CAS) team is seeking a Senior Product Security Engineer to join our R&D organization and help secure cardiac ablation medical device solutions.

This role focuses on cybersecurity for medical devices and embedded systems. It is not an IT security, compliance, or GRC-focused position. The ideal candidate will bring strong experience partnering with engineering teams to integrate cybersecurity into real-time systems, embedded firmware, connected devices, and other product security contexts.

The selected candidate will support the integration of advanced cybersecurity controls, identify and mitigate vulnerabilities, and contribute to initiatives that improve cyber resilience across the product lifecycle. This person will serve as a technical subject matter expert, mentor others, collaborate across functions, and help drive long-term improvements in product security posture.

Primary Responsibilities 

The Senior Product Security Engineer responsibilities include:

·         Product Security – Implement security requirements across the medical device development lifecycle by partnering with cross-functional teams and applying best practices from design through deployment.

·         Risk Assessment – Conduct threat modeling and vulnerability assessments to identify, prioritize, and help mitigate security risks throughout the product lifecycle.

·         Security Architecture – Support the design and delivery of secure medical devices through implementation of capabilities such as secure boot, secure communications, data protection, software update mechanisms, system integration protections, and access controls.

·         Security Standards – Apply medical device cybersecurity standards and guidance, including NIST, OWASP, and IEC 81001-5-1, and partner with development teams to strengthen security practices.

·         Technical Leadership – Stay current on cybersecurity trends affecting medical devices and health software, share best practices, and help advance long-term product security strategy.

Minimum Qualifications

·         Bachelor’s degree in engineering, computer science, computer engineering, or a related technical field with 4+ years of experience; or an advanced degree with 2+ years of relevant experience.

Preferred Qualifications 

·         Experience in embedded device security within a regulated industry.

·         Strong understanding of cybersecurity concepts and frameworks such as NIST and OWASP.

·         Working knowledge of secure software development lifecycle principles and security-by-design practices.

·         Experience collaborating with engineering teams to identify and address product security risks.

·         Familiarity with medical device cybersecurity standards and guidance, including IEC 81001-5-1, ISO 14971, and FDA premarket and post?market cybersecurity guidance.

·         Experience supporting FDA and other regulatory cybersecurity submissions.

·         Experience with connected healthcare systems or cloud-connected medical devices.

·         Security certifications such as CompTIA Security+, CISSP, or similar.