Lead and personally execute cybersecurity activities across the product lifecycle, from concept through post‑market support.
Perform and review: Threat modeling and attack surface analysis, Secure architecture and design reviews, Security requirements definition and verification.
Manage and approve third-party penetration testing.
Partner with R&D to embed secure‑by‑design practices into hardware, firmware, software, cloud, and mobile components.
Guide secure development aligned with IEC 62304, ISO 14971, ISO 270001, and other regulatory cybersecurity expectations.
Integrate cybersecurity into design controls, software lifecycle processes, and system engineering practices.
Lead the product vulnerability management program, including: Vulnerability intake, triage, and risk assessment, Coordinated disclosure and remediation, CVE tracking and SBOM‑driven analysis.
Guide product cybersecurity incident response, including root cause analysis and corrective actions.
Support efforts to ensure monthly security testing is running successfully across products through support integration of security tools through automation.
Lead cybersecurity contributions for FDA submissions (U.S.), EU MDR technical documentation, and other international markets as required.
Author and/or review cybersecurity documentation, including: Threat models and risk assessments, Cybersecurity sections of regulatory submissions, Security architecture and design artifacts.
Ensure alignment with FDA Cybersecurity Guidance, EU MDR and IEC 81001‑5‑1, ISO 14971 and IEC 62304, NIST Cybersecurity Framework and relevant global standards.
Lead, mentor, and grow a team of product cybersecurity engineers.
Balance hands‑on technical work with prioritization, planning, and delivery.
Establish clear pragmatic cybersecurity processes, metrics, and accountability across product teams.

Requirements

Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related field
8+ years of cybersecurity experience, with direct experience securing medical devices or SaMD.
3+ years of experience leading or mentoring cybersecurity or product security teams.
Strong hands‑on experience with: Secure software development, Embedded and/or cloud‑connected medical devices, Threat modeling and risk analysis
Experience in healthcare and regulatory environments.
Experience supporting FDA submissions and regulatory audits (preferred).
Familiarity with SBOM standards (e.g., SPDX, CycloneDX) (preferred).
Knowledge of cloud security for regulated healthcare environments (preferred).
Familiarity with US Department of Defense (DoD) Authorization to Operate (ATO) (preferred).
Relevant certifications (e.g., CISSP, CSSLP, HCISPP) (preferred).

Benefits

401(k) with up to a 6% employer match and no vesting period
Employee stock purchase plan
Flexible time off for salaried employees
Accrual of three to five weeks’ vacation annually (based on tenure)
Accrual of up to 64 hours (annually) of paid sick time
Paid and/or floating holidays
Parental leave
Short- and long-term disability insurance
Tuition reimbursement
Health and welfare benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cybersecuritythreat modelingattack surface analysissecure architecturesecurity requirements definitionvulnerability managementrisk assessmentsecure software developmentembedded systemscloud security

Soft Skills

leadershipmentoringplanningprioritizationcommunicationteam managementprocess establishmentaccountability

Certifications

CISSPCSSLPHCISPP