The role focuses on integrating robust cybersecurity into medical device development, partnering with engineering teams to strengthen security across embedded systems and real-time health solutions. This position emphasizes product security engineering within a hands-on R&D environment.
Summary
The Senior Product Security Engineer concentrates on medical devices and embedded systems, collaborating with cross-functional teams to embed cybersecurity throughout the product lifecycle. The role emphasizes threat modeling, vulnerability assessments, and secure design to enhance the resilience of health technologies.
Primary Responsibilities
- Implement security requirements across the medical device development lifecycle by partnering with cross-functional teams and applying best practices from design through deployment.
- Conduct threat modeling and vulnerability assessments to identify, prioritize, and help mitigate security risks throughout the product lifecycle.
- Support the design and delivery of secure medical devices through implementations such as secure boot, secure communications, data protection, software update mechanisms, system integration protections, and access controls.
- Apply medical device cybersecurity standards and guidance, including NIST, OWASP, and IEC 81001-5-1, and partner with development teams to strengthen security practices.
- Stay current on cybersecurity trends impacting medical devices and health software, share best practices, and help advance the long-term product security strategy.
Responsibilities May Include
- Perform security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities.
- Design and develop security features for products including systems, applications and/or solutions.
- Integrate new security features and updates into existing products and ensure security is maintained throughout the product lifecycle. Provide recommendations and resolve integration and testing issues.
- Build a standardized set of security product requirements and produce metrics to report performance against those requirements. Define security diagnostics and tools to facilitate analysis and reporting of security events. Detect and mitigate security risks, respond to product security incidents, and collaborate with customers on product security issues. Lead or participate in security architecture and design review meetings.
Requirements
- Product Security Engineering (Security by Design and Secure Software Development)
- Threat Modeling
- Risk Management / Vulnerability Assessment (CVSS)
- Bachelor's degree in engineering, computer science, computer engineering, or a related technical field with 4+ years of experience; or an advanced degree with 2+ years of relevant experience
- Experience in embedded device security within a regulated industry
- Strong understanding of cybersecurity concepts and frameworks such as NIST and OWASP
- Working knowledge of secure software development lifecycle principles and security-by-design practices
- Experience collaborating with engineering teams to identify and address product security risks
- Familiarity with medical device cybersecurity standards and guidance, including IEC 81001-5-1, ISO 14971, and FDA premarket and post-market cybersecurity guidance
- Experience supporting FDA and other regulatory cybersecurity submissions
- Experience with connected healthcare systems or cloud-connected medical devices
- Security certifications such as CompTIA Security+, CISSP, or similar
Top 3 Skills Sets Required
- Product Security Engineering (Security by Design and Secure Software Development)
- Threat Modeling
- Risk Management / Vulnerability Assessment (CVSS)
Target Years of Experience
5-10 years
Minimum Qualifications
Bachelor’s degree in engineering, computer science, computer engineering, or a related technical field with 4+ years of experience; or an advanced degree with 2+ years of relevant experience
Preferred Qualifications
- Experience in embedded device security within a regulated industry
- Strong understanding of cybersecurity concepts and frameworks such as NIST and OWASP
- Working knowledge of secure software development lifecycle principles and security-by-design practices
- Experience collaborating with engineering teams to identify and address product security risks
- Familiarity with medical device cybersecurity standards and guidance, including IEC 81001-5-1, ISO 14971, and FDA premarket and post-market cybersecurity guidance
- Experience supporting FDA and other regulatory cybersecurity submissions
- Experience with connected healthcare systems or cloud-connected medical devices
- Security certifications such as CompTIA Security+, CISSP, or similar
Position Description
The Cardiac Ablation Solutions CAS unit seeks a Senior Product Security Engineer to join its R&D organization and help secure cardiac ablation medical device solutions. This role centers on cybersecurity for medical devices and embedded systems, not IT security, compliance, or GRC. The ideal candidate partners with engineering teams to integrate cybersecurity into real-time systems, embedded firmware, and connected devices, among other contexts. The selected professional will support the integration of advanced cybersecurity controls, identify and mitigate vulnerabilities, and contribute to initiatives that bolster cyber resilience across the product lifecycle. They will serve as a technical subject matter expert, mentor peers, collaborate across functions, and drive sustained improvements in product security posture.
Pay
$50.00 - $60.00 per hour
Work Location
Saint Paul, MN (onsite) — In person