Product Security Specialist

Role Overview We are seeking a Senior Product Security Engineer to support the design, development, and lifecycle management of secure medical products. This role focuses on identifying cybersecurity risks, ensuring regulatory compliance, and collaborating with cross-functional teams to embed security into both hardware and software systems. Key Responsibilities Conduct cybersecurity risk analysis, threat modeling, and develop mitigation strategies for medical products Collaborate with Quality, Regulatory, Legal, Marketing, and Sales teams to ensure compliance with cybersecurity, HIPAA, and GDPR requirements Lead and support product security activities across hardware and software, including: System hardening Automated and manual penetration testing Vulnerability scanning and remediation Perform manual and automated code reviews for complex embedded and clinical application software Develop, implement, and maintain security policies, procedures, and documentation aligned with industry standards Automate security and compliance tasks using scripting languages such as Python, PowerShell, or Ruby Lead cybersecurity documentation requests from internal and external stakeholders Support or lead incident response activities, vulnerability & exploitability (V&E) assessments, and resolution of security incidents Required Qualifications Bachelor’s degree in Computer Science, Software Engineering , or a related discipline 3+ years of relevant work experience in product or application security Strong understanding of one or more security standards/frameworks, such as: NIST 800-53 IEC 80001-2-8 ISO/IEC 27002 ISO 27799 IEC 15408-2 IEC 62443-3-3 Solid knowledge of Linux operating systems Experience securing medical devices or embedded systems Hands-on experience with threat modeling, VAPT, and risk assessments Preferred Qualifications Experience in security requirements, data security, malware analysis, vulnerability assessment, and penetration testing using commercial or open-source tools Strong understanding of networking concepts Familiarity with quality and regulatory standards, including: IEC 62304 IEC 60601 21 CFR Part 820 Security certifications such as CISSP-ISSAP, CCSP, OSCP (or equivalent)