- Drive end-to-end cybersecurity integration across the medical device product development life cycle, ensuring security is embedded from concept to release.

- Develop and maintain cybersecurity for medical products, including security requirements specifications, risk assessments, threat models, and product security architecture documentation.

- Conduct thorough gap assessments to evaluate compliance with IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97 standards, and implement remediation measures.

- Perform hands-on vulnerability assessments, penetration testing, and secure code reviews of embedded devices, IoMT (Internet of Medical Things) components, and connected systems.

- Collaborate closely with development, compliance, and regulatory teams to ensure product security measures meet both internal security policies and external regulatory expectations.

- Support SBOM management, software supply chain risk evaluations, and third-party component analysis to maintain software transparency and mitigate risks.

- Provide expert input on secure communication protocols, encryption standards, data protection for both at-rest and in-transit data, and cloud-based connectivity of medical systems.

- Assist in developing incident response strategies and bring working knowledge of HIPAA, GDPR, and HL7 to address data privacy and healthcare-specific regulatory concerns.

- Contribute to the continuous enhancement of internal secure development processes, tools, and methodologies, while championing security best practices within product teams.

Required Skills And Qualifications :

- Minimum of 6 years of experience in cybersecurity, including at least 3 years focused on medical devices, embedded systems, or IoT security.

- Proven track record in authoring security design, defining technical requirements, and documenting security architectures aligned with regulatory needs.

- Hands-on experience in embedded system security including secure boot, firmware security, threat modeling techniques (e.g., STRIDE, DREAD), and product-level risk assessments.

- Strong understanding of IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97, along with working knowledge of the medical device product development lifecycle and quality standards like ISO 14971.

- Demonstrated expertise in vulnerability management and penetration testing of connected products across device and cloud ecosystems.

- Familiarity with data privacy and interoperability standards such as HIPAA, GDPR, and HL7 is highly desirable.

- Excellent problem-solving skills, critical thinking, and ability to lead gap analysis and remediation activities in regulated environments.

- Strong collaboration skills with the ability to influence cross-functional teams including R&D, compliance, and product management.