Medical Device Security Engineer

Joining us is a chance for you to do important work that creates change and shapes the future of healthcare. Thinking differently is what we do best. To us, change equals opportunity. Every day, more than 4,000 of us are challenging whats possible and making headway to help improve outcomes.
Key Responsibilities:
Perform risk analysis on product‑related cybersecurity risks, determine required security controls, and manage residual risk for security‑related product threats.
Model Product Security Threats and continuously monitor global product‑related cybersecurity threats.
Conduct and document CIS (Center for Internet Security) Benchmark / Baseline reviews for relevant systems and embedded platforms to ensure compliance with hardened configuration requirements.
Ensure adherence to recognized Medical Device Cybersecurity Frameworks, including (but not limited to):
FDA Pre‑ and Post‑Market Cybersecurity Guidance
AAMI TIR57 & AAMI TIR97
ANSI/AAMI SW96
IEC 81001‑5‑1 (Health Software & Health IT Security)
IEC 62443 (Industrial & IoT Security where applicable)
ISO 14971 (Risk Management) as applied to security‑induced safety risks
Research and advocate for new security solutions, technologies, and architecture patterns to improve product cybersecurity posture.
Collaborate with development teams to integrate secure coding and secure design practices into the software and hardware development lifecycle.
Collaborate with Quality and Regulatory functions to ensure proper evaluation and documentation of safety risks induced by security risks, aligning with medical device safety regulations.
Implement and manage security tools and technologies that strengthen the security posture of applications, embedded systems, and connected medical devices.
Provide technical cybersecurity guidance, mentorship, and support to engineering teams, leadership, and cross‑functional stakeholders.
Support vulnerability management activities, including SBOM reviews, vulnerability scanning, penetration testing coordination, and remediation planning.
Ensure product designs incorporate secure configuration, hardening, encryption, authentication, authorization, secure update mechanisms, and secure logging principles.
Participate in internal and external cybersecurity assessments, audits, and regulatory submissions (FDA, EU MDR, Notified Bodies).
Develop and maintain cybersecurity documentation, including threat models, risk assessments, secure‑by‑design documentation, security test plans, and postmarket surveillance artifacts.