Product Security Specialist

Role Overview

We are seeking a Senior Product Security Engineer to support the design, development, and lifecycle management of secure medical products. This role focuses on identifying cybersecurity risks, ensuring regulatory compliance, and collaborating with cross-functional teams to embed security into both hardware and software systems.

Key Responsibilities

- Conduct cybersecurity risk analysis, threat modeling, and develop mitigation strategies for medical products - Collaborate with Quality, Regulatory, Legal, Marketing, and Sales teams to ensure compliance with cybersecurity, HIPAA, and GDPR requirements - Lead and support product security activities across hardware and software, including: - System hardening - Automated and manual penetration testing - Vulnerability scanning and remediation - Perform manual and automated code reviews for complex embedded and clinical application software - Develop, implement, and maintain security policies, procedures, and documentation aligned with industry standards - Automate security and compliance tasks using scripting languages such as Python, PowerShell, or Ruby - Lead cybersecurity documentation requests from internal and external stakeholders - Support or lead incident response activities, vulnerability & exploitability (V&E) assessments, and resolution of security incidents

Required Qualifications

- Bachelor’s degree in Computer Science, Software Engineering, or a related discipline - 3+ years of relevant work experience in product or application security - Strong understanding of one or more security standards/frameworks, such as: - NIST 800-53 - IEC 80001-2-8 - ISO/IEC 27002 - ISO 27799 - IEC 15408-2 - IEC 62443-3-3 - Solid knowledge of Linux operating systems - Experience securing medical devices or embedded systems - Hands-on experience with threat modeling, VAPT, and risk assessments

Preferred Qualifications

- Experience in security requirements, data security, malware analysis, vulnerability assessment, and penetration testing using commercial or open-source tools - Strong understanding of networking concepts - Familiarity with quality and regulatory standards, including: - IEC 62304 - IEC 60601 - 21 CFR Part 820 - Security certifications such as CISSP-ISSAP, CCSP, OSCP (or equivalent)