Product Security Engineer - Vulnerability Management

Job Summary :

We are seeking a skilled and motivated Medical Device Product Security Engineer to join our cross-functional product development team.

This role is responsible for ensuring that our medical devices are designed, developed, and maintained with the highest security standards.

You will work closely with engineering, quality, IT, and regulatory teams to integrate security throughout the product lifecycle from concept to post-market surveillance ensuring compliance with global cybersecurity standards in healthcare.

Key Responsibilities :

• SOUP Management : Identify and document SOUP (Software of Unknown provenance) components, including versioning, source, and intended functionality.
• Monitor and evaluate vulnerabilities in third-party libraries and open-source tools.
• Threat Modeling & Risk Assessment : Conduct security risk assessments (including TARA Threat Analysis and Risk Assessment), and vulnerability assessments across the product portfolio.
• Vulnerability Management : Identify, track, and remediate vulnerabilities in coordination with internal teams and third-party vendors.
• Secure Coding & Review : Support development teams with secure coding practices and conduct code reviews for security flaws.
• Regulatory Compliance : Ensure compliance with relevant regulatory and industry frameworks (e.g., FDA Pre / Post market Cybersecurity Guidance, EU MDR, ISO / IEC 81001-5-1, ISO 14971, NIST 800-53 / 30, UL 2900).
• Security Testing : Collaborate with internal and external testers for static and dynamic analysis, penetration testing, fuzzing, and other assessments.
• Incident Response & Monitoring : Support product cybersecurity incident response planning, monitoring, and post-market surveillance activities.
• Documentation : Produce clear and comprehensive documentation for regulatory submissions, audits, and internal security reviews.

Qualifications : Required :

Preferred :

Key Skills :

(ref : hirist.tech)