Medical Device Security Engineer

Changing lives. Building Careers.

Joining us is a chance for you to do important work that creates change and shapes the future of healthcare. Thinking differently is what we do best. To us, change equals opportunity. Every day, more than 4,000 of us are challenging what’s possible and making headway to help improve outcomes.

Key Responsibilities:

Perform risk analysis on product‑related cybersecurity risks, determine required security controls, and manage residual risk for security‑related product threats.
Model Product Security Threats and continuously monitor global product‑related cybersecurity threats.
Conduct and document CIS (Center for Internet Security) Benchmark / Baseline reviews for relevant systems and embedded platforms to ensure compliance with hardened configuration requirements.
Ensure adherence to recognized Medical Device Cybersecurity Frameworks, including (but not limited to):
FDA Pre‑ and Post‑Market Cybersecurity Guidance
AAMI TIR57 & AAMI TIR97
ANSI/AAMI SW96
IEC 81001‑5‑1 (Health Software & Health IT Security)
IEC 62443 (Industrial & IoT Security where applicable)
ISO 14971 (Risk Management) as applied to security‑induced safety risks
Research and advocate for new security solutions, technologies, and architecture patterns to improve product cybersecurity posture.
Collaborate with development teams to integrate secure coding and secure design practices into the software and hardware development lifecycle.
Collaborate with Quality and Regulatory functions to ensure proper evaluation and documentation of safety risks induced by security risks, aligning with medical device safety regulations.
Implement and manage security tools and technologies that strengthen the security posture of applications, embedded systems, and connected medical devices.
Provide technical cybersecurity guidance, mentorship, and support to engineering teams, leadership, and cross‑functional stakeholders.
Support vulnerability management activities, including SBOM reviews, vulnerability scanning, penetration testing coordination, and remediation planning.
Ensure product designs incorporate secure configuration, hardening, encryption, authentication, authorization, secure update mechanisms, and secure logging principles.
Participate in internal and external cybersecurity assessments, audits, and regulatory submissions (FDA, EU MDR, Notified Bodies).
Develop and maintain cybersecurity documentation, including threat models, risk assessments, secure‑by‑design documentation, security test plans, and postmarket surveillance artifacts.

Experience and Education:

At least 10 years of experience in the Information Security or Cybersecurity domain.
Certification(s) from recognized cybersecurity organizations (e.g., ISC², ISACA, GIAC).
Experience as a Security Regulation and Standards Engineer/Manager.
Experience in systems engineering and collaborative development environments.
Experience preparing cybersecurity documentation for regulated industries.

Additional Experience:

Experience working in regulated industries (Medical Device, Avionic) – advantage.
Academic degree in Computer Science, Software Engineering, Electrical Engineering, or equivalent work experience – advantage.
Experience in Software and/or Hardware development – advantage.
Experience applying medical cybersecurity frameworks such as IEC 81001‑5‑1, AAMI TIR57, AAMI TIR97, ISO 14971, and/or IEC 62443 – strong advantage.

Required Knowledge:

Knowledge of Information Security and Cybersecurity Standards, Methodologies, and Controls, including CIS Benchmarks, NIST Cybersecurity Framework, OWASP, and secure development methodologies.
Knowledge and hands‑on experience in product development and system engineering processes across hardware, firmware, and software.
Strong understanding of medical device cybersecurity requirements, secure architecture patterns, threat modeling (STRIDE, attack trees), and product lifecycle security.
Familiarity with secure boot, cryptography, embedded system hardening, secure communication protocols, and resilience techniques.

Certifications:

Preferred industry certifications such as:
CISSP, CSSLP, CEH, GICSP, GCSD, CCSP – advantage.
Medical‑device‑relevant credentials (e.g., HCISPP, CISA, GIAC IoT Security) – advantage.

Unsolicited Agency Submission

Integra LifeSciences does not accept unsolicited assistance from search firms for employment opportunities. All CVs/resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. A formal written agreement is required before engaging any agency, and it must be executed and authorized by the Vice President, Talent Acquisition. Where agency agreements are in place, introductions (the initial sharing of a candidate’s name, resume, or background) are position-specific and may only occur within the scope of that approved agreement. Please, no phone calls or emails.