Senior Cybersecurity Engineer

Position Overview

We are hiring a Senior Cybersecurity Engineer to join our dynamic team, focusing on embedding security throughout our product lifecycle. In this role, you will design, build, automate, and maintain secure deployment and monitoring of our cutting‐edge products while ensuring compliance with industry standards and regulatory requirements.

Key Responsibilities

• Join our dynamic team as a Senior Cybersecurity Engineer, driving the security strategy across product development.
• Design, build, automate, and maintain the secure deployment and monitoring of our cutting‐edge products.
• Integrate security best practices into the Secure Software Development Lifecycle (SDLC) from design through deployment.
• Lead threat modeling and risk analysis (per ISO 14971) for new and existing medical device software.
• Author, review, and manage all cybersecurity-related documentation for regulatory submissions (e.g., FDA 510(k) pre-market and post-market plans).
• Act as the primary cybersecurity subject matter expert during regulatory interactions and audits.
• Collaborate with Product Management, Engineering, and Quality teams to define security requirements, controls, and architecture.
• Manage third-party penetration testing and internal vulnerability assessments, and oversee remediation actions.
• Develop, implement, and maintain an incident response plan for product-related security events.
• Continuously assess the company's security posture against emerging threats and evolving business needs, aligning with standards such as SOC 2, HIPAA, and NIST CSF.
• Lead the initiative to achieve and maintain SOC 2 certification and ensure compliance with the HIPAA Security Rule.
• Develop, implement, and enforce company-wide information security policies, procedures, and standards.
• Conduct security architecture reviews and risk assessments for our corporate IT and cloud infrastructure (AWS/GCP/Azure).
• Establish and manage a program to assess and monitor the security posture of third-party vendors and partners.
• Oversee and enhance the company's Identity & Access Management (IAM) policies to ensure the principle of least privilege.

Required Qualifications

• 5+ years of experience in cybersecurity, including 3-5 years in a hands-on senior or lead role.
• Proven experience in a regulated industry, with a strong preference for MedTech, HealthTech, or Life Sciences.
• FDA Expertise: Hands-on experience with FDA cybersecurity guidance for medical devices and contributions to regulatory submissions (e.g., 510(k), PMA).
• Compliance Expertise: Direct experience leading efforts to achieve and maintain SOC 2 and/or HIPAA compliance.
• Proficient in application security, secure SDLC practices, threat modeling (e.g., STRIDE), and vulnerability management.
• Deep knowledge of securing cloud environments and services (AWS, GCP, or Azure).
• Skilled in using security assessment tools, IAM systems, endpoint protection, and network security concepts.
• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Relevant professional certifications (e.g., CISSP, CISM, HCISPP, CSSLP) are highly desirable.