Principal Cybersecurity Engineer (IRC295648)
Job Description
Client is seeking a Principal Cybersecurity Engineer with a background in the design, development, and testing of cybersecurity features and controls in a regulated industry. This individual will be responsible for guiding the cybersecurity strategy throughout the product lifecycle, ensuring compliance with relevant standards and regulations.
Required qualifications:
• Bachelor’s or master’s degree in Cybersecurity, Computer Science, Computer Engineering, or a related field.
• 9+ years of experience in cybersecurity engineering, with a recent focus on product security as it extends to the IoT cloud.
• Proven experience leading security design and architecture reviews for complex, embedded medical devices or similar technologies.
• Demonstrated history of creating and executing security risk assessments and mitigation strategies.
• In-depth understanding of cybersecurity frameworks (e.g., NIST Cybersecurity Framework) including best practices for defense in depth.
• Excellent written and verbal communication skills for interfacing with technical teams, stakeholders, and executive leadership.
• Ability to work collaboratively across multidisciplinary teams, bridging gaps between technical, regulatory, and business functions.
Preferred qualifications:
• 5+ years of experience working in the medical device industry or a similarly regulated environment; security architecture or medical device administration experience in healthcare settings is also a plus.
• Development experience in securing Yocto and desktop Linux, Windows IoT, or Android.
• Deep knowledge of the deployment environment for medical devices into health delivery organizations, including Active Directory (AD) or Single Sign On (SSO) integrations.
• Hands-on experience with IoT cloud deployments such as Azure or AWS.
• Experience writing code, with secure coding practices, vulnerability scanning tools, and penetration testing methodologies.
• Knowledge of embedded systems security, network security, endpoint protections, wireless communications, network protocols, and PKI.
• Experience supporting VA Handbook 6500 compliance, ISO/IEC 27001 certification a
• Relevant certifications (e.g., GIAC, ISSEP, ISSAP, CRISC) are a plus.
• Experience with vulnerability and risk assessments including use of CVSS.
Job Responsibilities
• Lead threat modeling using STRIDE and security risk assessments, identifying and evaluating potential threats and safety issues.
• Elicit and define product security needs and requirements; define product security architectures and design specifications, and verification and validation strategies.
• Stay current with emerging regulations and standards related to medical device security (e.g., FDA Premarket Guidance, Post-market Cybersecurity Guidance, TIR 57).
• Collaborate with product development teams to embed security controls throughout the design, development, and maintenance phases.
• Establish best practices and processes for secure coding, configuration management, and patching.
• Develop and implement risk mitigation strategies and maintain risk management documentation.
• Oversee and enhance incident response plans and processes, ensuring rapid and effective resolution of security incidents.
• Drive continuous improvement of vulnerability management, including the evaluation and deployment of necessary patches or updates.
• Collaborate closely with internal stakeholders (Software Development, Quality, Regulatory, IT) to align security goals and requirements.
• Model resiliency and show leadership by presenting topics to the Security Champions program.
Department/Project Description
The client is a pioneer in medical devices for less invasive surgical procedures, ranking as a leader in the market for coronary stents. The company’s medical devices are used in a variety of interventional medical specialties, including interventional cardiology, peripheral interventions, vascular surgery, electrophysiology, neurovascular intervention, oncology, endoscopy, urology, gynecology, and neuromodulation.
The client’s mission is to improve the quality of patient care and the productivity of health care delivery through the development and advocacy of less-invasive medical devices and procedures. This is accomplished through the continuing refinement of existing products and procedures and the investigation and development of new technologies that can reduce risk, trauma, cost, procedure time and the need for aftercare.
Skill Category
Architecture
Required skills experience
| Application Security | 9 years |
| Cybersecurity Strategy | 9 years |
| Network Security | 9 years |
| Vulnerability Scanning | 9 years |
| Threat Modeling | 9 years |
| Architecture | 9 years |
Required languages
| Ukrainian | B2 - Upper Intermediate |
| English | C1 - Advanced |