Senior Product Security Engineer

Description:

We are seeking a Senior Product Security Engineer who will play a critical role in embedding security throughout the lifecycle of our medical devices and cloud‑based healthcare solutions.

In this role, you will collaborate closely with software, embedded, cloud, quality, and regulatory teams to ensure that security is built into every stage — from concept and development to release, monitoring, and post‑market operations. You will influence secure design decisions, strengthen our DevSecOps practices, and help maintain the safety and regulatory integrity expected in the healthcare environment.

What You Will Do

You will serve as a core partner across product engineering, embedding security into medical device and SaMD development while strengthening our cloud, DevSecOps, and vulnerability management practices.

Secure Product Development & SaMD Security

You will help product teams build secure systems from the ground up by:
 

• Integrating security into the SDLC through secure design reviews, threat modeling, and requirements definition.
• Performing architecture and threat‑modeling reviews for device firmware, cloud services and APIs, and the mobile/web applications that support our devices.
• Defining and validating controls for authentication, authorization, encryption, and data protection.
• Working with Quality and Regulatory teams to ensure cybersecurity requirements are traceable, documented, and audit‑ready.
   

Cloud & Backend Product Security (AWS)

You will secure the AWS‑based backends that power our medical and SaMD platforms by:
 

• Designing and reviewing secure cloud architectures using AWS services.
• Implementing product‑focused logging, monitoring, and threat‑detection capabilities.
   

DevSecOps & Supply Chain Security

You will enhance product resilience and build confidence in our supply chain by:
 

• Integrating security tooling into CI/CD pipelines (SAST, DAST, dependency and container scanning, secrets detection).
• Establishing SBOM practices and governing third‑party components.
• Defining secure standards for container images, including hardening, scanning, and signing.
• Supporting secure build processes, artifact signing, and release integrity.
   

Vulnerability Management & Post‑Market Cybersecurity

You Will Help Products Remain Secure After Launch By
 

• Supporting vulnerability intake, triage, prioritization, and remediation across device software and cloud environments.
• Contributing to coordinated disclosure, advisories, and post‑market cybersecurity requirements.
• Working with incident response to investigate and contain product‑related security events.
   

Technical Leadership

You Will Be a Trusted Advisor And Mentor By
 

• Serving as the product security subject matter expert for engineering teams.
• Guiding secure design decisions and establishing practical, usable security patterns.
• Driving continuous improvement in product security maturity.
   

Who You Are

You are a hands‑on security engineer with strong product and application security experience, and you are comfortable working across embedded, cloud, and software systems in regulated healthcare environments. You bring:
 

• 7+ years of cybersecurity engineering experience with a focus on product/application security.
• Direct experience securing medical devices, connected devices, or SaMD in regulated settings.
• Strong understanding of secure SDLC, DevSecOps, threat modeling, OWASP Top 10, and API security risks.
• Hands‑on experience with AWS cloud security for product backends.
• Familiarity with frameworks like NIST CSF, NIST 800‑53, and ISO 27001.
• The ability to collaborate effectively with Engineering, Quality, Regulatory, and Product teams.