Product Security Specialist

Role Overview We are seeking a

Senior Product Security Engineer

to support the design, development, and lifecycle management of secure medical products. This role focuses on identifying cybersecurity risks, ensuring regulatory compliance, and collaborating with cross-functional teams to embed security into both hardware and software systems.

Key Responsibilities Conduct cybersecurity risk analysis, threat modeling, and develop mitigation strategies for medical products Collaborate with Quality, Regulatory, Legal, Marketing, and Sales teams to ensure compliance with cybersecurity, HIPAA, and GDPR requirements Lead and support product security activities across hardware and software, including: System hardening Automated and manual penetration testing Vulnerability scanning and remediation Perform manual and automated code reviews for complex embedded and clinical application software Develop, implement, and maintain security policies, procedures, and documentation aligned with industry standards Automate security and compliance tasks using scripting languages such as

Python, PowerShell, or Ruby Lead cybersecurity documentation requests from internal and external stakeholders Support or lead incident response activities, vulnerability & exploitability (V&E) assessments, and resolution of security incidents

Required Qualifications Bachelor’s degree in

Computer Science, Software Engineering , or a related discipline 3+ years

of relevant work experience in product or application security Strong understanding of one or more security standards/frameworks, such as: NIST 800-53 IEC 80001-2-8 ISO/IEC 27002 ISO 27799 IEC 15408-2 IEC 62443-3-3 Solid knowledge of

Linux operating systems Experience securing

medical devices or embedded systems Hands-on experience with

threat modeling, VAPT, and risk assessments

Preferred Qualifications Experience in security requirements, data security, malware analysis, vulnerability assessment, and penetration testing using commercial or open-source tools Strong understanding of

networking concepts Familiarity with quality and regulatory standards, including: IEC 62304 IEC 60601 21 CFR Part 820 Security certifications such as

CISSP-ISSAP, CCSP, OSCP

(or equivalent)