As global connectivity increases, the complexity and security challenges associated with protecting devices, infrastructure, patients, and sensitive data also grow. The Principal Product Security Engineer is responsible for designing advanced cybersecurity architectures and effective procedural frameworks to support cyber resilience throughout the product life cycle.
Requirements
- Previous experience as cyber security engineer for embedded software products in a regulated industry
- Experience in cybersecurity, threat modeling, security incident management, and contributing to proactive security strategies.
- Hands-on experience in cyber security architecture, cloud security, cryptography
- Experience working in agile software development teams
- Strong understanding of cyber security concepts and frameworks (e.g.: NIST, OWASP, MITRE)
- Familiarity with security standards such as ISO 27001, ISO 14971 or HITRUST
- Working knowledge of secure software development lifecycle (SDLC) principles, DevSecOps
Responsibilities
- Implement security requirements across the medical device development lifecycle by collaborating with teams to uphold best practices from design to deployment.
- Conduct threat modeling and vulnerability assessments to identify and mitigate security risks throughout the product lifecycle.
- Support the design and deployment of secure medical devices by implementing features like secure boot, communications, data protection, updates, integration, and access controls.
- Develop a comprehensive post-Quantum security strategy integrating quantum-resistant cryptographic algorithms—such as lattice-based, hash-based, and multivariate polynomial schemes—along with strong key management and the use of Hardware Security Modules (HSMs) for medical device protection.
- Use of advanced methods like LLMs, Deep learning to identify cyber security threats, bugs and automate fixing of code
- Adopt advanced AI techniques, including large language models and deep learning to efficiently identify, classify, and remediate cybersecurity vulnerabilities in medical device software and systems
- Ensure the implementation and maintenance of security policies for medical devices in accordance with industry standards and regulations, including NIST, IEC 60601-4-5, and IEC 81001-5-1. Conduct regular assessments and collaborate with development teams to enforce compliance and continuously enhance security practices.
Other
- Proactive communication skills to identify, present and persuade leadership on cyber security risks
- Strong problem-solving and analytical skills
- Ability to collaborate effectively in cross-functional teams
- Experience with medical devices, or regulated industries
- Cyber Security expert with all-round skills in proactive and reactive cyber security risk management.
