Work directly with software, embedded, cloud, quality, and regulatory teams to ensure security is built into product design, development, release, and post-market operations
Embed security into the medical device and SaMD SDLC, including secure design reviews, threat modeling, and security requirements definition
Perform threat modeling and architecture reviews for device software and firmware, cloud-connected services and APIs, mobile and web applications supporting medical devices
Define and validate security controls for authentication, authorization, encryption, and data protection in patient-impacting systems
Partner with Quality and Regulatory teams to ensure cybersecurity requirements are documented, traceable, and auditable
Secure AWS-hosted product backends supporting medical devices and SaMD
Design and review security architectures using AWS services
Implement product-focused logging, monitoring, and threat detection
Integrate security testing into CI/CD pipelines, including SAST, DAST, dependency scanning, container scanning, and secrets detection
Establish and maintain SBOM practices and third-party component governance for medical device software
Define and enforce secure standards for container images, including hardening, scanning, signing, and runtime protections
Support secure build, artifact signing, and release integrity controls
Support product vulnerability intake, triage, and remediation across device software and cloud services
Assist with vulnerability disclosure, security advisories, and post-market cybersecurity activities
Collaborate with incident response teams to investigate and contain product-related security events
Serve as the product security subject matter expert for engineering teams
Mentor engineers and influence secure design decisions through practical guidance and standards
Drive continuous improvement in product security maturity and resilience

Requirements

7+ years of experience in cybersecurity engineering with a strong focus on product and application security
Direct experience securing medical devices, connected devices, or SaMD in a regulated healthcare environment.
Strong understanding of: Secure SDLC and DevSecOps practices, Threat modeling methodologies, OWASP Top 10 and API security risks
Hands-on experience with AWS cloud security in support of products and services.
Familiarity with healthcare and product security frameworks, including NIST CSF/800-53 and ISO 27001.
Ability to work effectively across Engineering, Quality, Regulatory, and Product teams.

Benefits

401(k) with up to a 6% employer match and no vesting period
Employee stock purchase plan
Flexible time off for salaried employees
Accrual of three to five weeks’ vacation annually (based on tenure)
Accrual of up to 64 hours (annually) of paid sick time
Paid and/or floating holidays
Parental leave
Short- and long-term disability insurance
Tuition reimbursement
Health and welfare benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cybersecurity engineeringproduct securityapplication securitysecure SDLCDevSecOpsthreat modelingAWS cloud securitysecurity controlsvulnerability managementsecurity testing

Soft Skills

collaborationmentoringinfluencingcommunicationcontinuous improvement

Certifications

NIST CSFNIST 800-53ISO 27001