eNGINE is a Solutions and Placement firm focused on building technical teams. They are seeking a Product Security Engineer to secure the next generation of connected medical devices by integrating cybersecurity into the product development lifecycle and collaborating with various engineering teams.
Responsibilities:
- Partner with embedded software and product development teams to integrate cybersecurity into every stage of the software development lifecycle
- Provide technical guidance on secure architecture, secure coding practices, encryption, authentication, certificate management, and access controls
- Lead threat modeling activities for both new and existing network-connected embedded products, identifying risks and recommending practical mitigation strategies
- Support Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) management, including vulnerability tracking and remediation efforts
- Assist engineering teams with Coordinated Vulnerability Disclosure (CVD) processes and product security response activities
- Collaborate with development teams to implement security controls and countermeasures within embedded systems and connected devices
- Develop and maintain cybersecurity documentation required for regulatory submissions, including risk assessments, mitigation plans, and security testing evidence
- Help establish and improve secure development processes, policies, and engineering best practices
- Monitor emerging cybersecurity threats, vulnerabilities, and industry trends impacting connected medical devices
- Partner with cross-functional teams to ensure products meet applicable cybersecurity regulations and compliance requirements
- Support security testing initiatives and work with development teams to address identified findings
- Provide technical guidance to stakeholders ranging from software engineers to quality and regulatory teams
Requirements:
- Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, Cybersecurity, or a related technical discipline
- 5+ years of experience in Product Security, Application Security, or Embedded Security
- Experience supporting cybersecurity initiatives for medical devices, healthcare technology, or other highly regulated products
- Strong understanding of embedded systems, including Embedded Linux environments
- Working knowledge of networking fundamentals, including TCP/IP, secure communications, TLS, certificates, and authentication
- Experience using Python for scripting, automation, or lightweight security tooling
- Familiarity with cloud environments such as AWS and cloud service architectures
- Experience performing threat modeling and security risk assessments for connected products
- Understanding of secure software development lifecycle (SSDLC) principles and security-by-design practices
- Experience with security testing methodologies and tools, including SAST, DAST, IAST, open-source software (OSS) scanning, and fuzz testing
- Knowledge of SBOM management, software supply chain security, and vulnerability management processes
- Strong written and verbal communication skills with the ability to explain technical concepts to engineers, leadership, and regulatory stakeholders
- Experience with FDA cybersecurity guidance for medical devices, including pre-market and post-market requirements
- Familiarity with medical device standards and frameworks such as IEC 62304, AAMI TIR57, NIST Cybersecurity Framework, EU MDR, and other global cybersecurity regulations
- Experience supporting regulatory submissions and cybersecurity documentation for connected medical devices
- Knowledge of Coordinated Vulnerability Disclosure (CVD) programs and product incident response
- Background working in Agile software development environments