hirist

Job Description

Description :

Role : Engineering Manager - Product & Device Security

Experience : 18+ years

About the Role :

We are seeking an exceptionally seasoned Engineering Manager with 18+ years of total experience, including 10 years dedicated to Product Security and 8+ years in people management. This pivotal leadership position is focused on securing our mission-critical medical devices and associated infrastructure. You will lead a dynamic team responsible for developing, implementing, and continuously monitoring robust security solutions, driving global product security initiatives, and ensuring stringent compliance with all relevant regulatory standards.

Responsibilities :

- Architecture & Secure Design : Define and enforce security requirements at the firmware, hardware (SoC/TPM), and application layers for embedded and IoT medical devices, ensuring compliance with secure-by-design principles.

- Assurance Program Leadership : Oversee and scale the security assurance program, mandating and integrating advanced techniques such as Protocol-level Fuzz Testing, automated Static Analysis (SAST) and Dynamic Analysis (DAST) into the CI/CD pipeline.

- Compliance Automation : Drive the technical implementation and automation of controls necessary for achieving certification against stringent standards, including ISO/IEC 27001 (Control Mapping), IEC 62443 (Component Security), ISO 14971 (Risk Management), and ISO 13485 (QMS).

- Identity & Cryptography : Architect the PKI (Public Key Infrastructure) lifecycle for device identities, secure boot chains, and over-the-air (OTA) firmware updates, ensuring robust key management and cryptographic isolation.

- Threat & Risk Modeling : Institutionalize STRIDE/DREAD-based threat modeling as a mandatory practice during the initial design phase of all new product features and infrastructure components.

- Vulnerability & SBOM Management : Lead the governance process for vulnerability disclosure and patching, and implement automated solutions for generating and maintaining the Software Bill of Materials (SBOM) to track and remediate open-source supply chain risk.

- Team & Technical Mentorship : Provide technical mentorship to senior security engineers, guiding them on complex topics such as zero-trust network segmentation for medical device infrastructure and cloud security best practices.

Required Skill Set (Mandatory Skills) :

- Experience : 18+ years in engineering/cybersecurity, with 10 years in Product Security and 8+ years in people management.

- Device Security : Proven technical expertise in securing embedded Linux/RTOS or Windows IoT systems, including secure boot, memory protection, and secure communication protocols (e.g., TLS 1.3).

- Architecture & Review : Expert experience designing and performing formal security reviews of Microservices and Cloud-Native architectures hosted on Azure or similar platforms.

- Security Frameworks : Profound operational knowledge of key cybersecurity frameworks : NIST CSF, ISO/IEC 27001, IEC 62443, ISO 14971, and ISO 13485.

- Assurance Deep Dive : Expert application of Threat Modeling, Secure SDLC, Risk Assessment, and advanced testing techniques (fuzz testing, penetration testing coordination).

- Security Tooling : Hands-on management and configuration experience with enterprise security tools : SAST/DAST platforms, commercial vulnerability scanners, centralized SBOM solutions, and PKI/Key Management Systems (KMS).

Preferred Skills :

- Certifications such as CSSLP, CISSP-ISSAP (Architecture), or GIAC certifications related to cloud or product security.

- Experience with DTS (Data Transfer Security) and specific healthcare integration protocols (HL7, FHIR).

- Experience developing security solutions using low-level languages (C/C++ or Rust).
