Lead Product Security Engineer
- Insight Global (Marlborough, MA)
Job Description
This Lead Product Security Engineer will join a team of engineers responsible for the deployment, development, security, and support of our client's digital cytology products. These products are FDA-approved medical laboratory devices which process samples and image slides. They are highly sophisticated electro-mechanical devices which are usually networked together. Imaging systems produce a great deal of image data which is analyzed, stored, viewed, and archived. This position is for a product security engineer who will be tasked with reviewing the current security configurations of the product and making improvements. Responsibilities include:
• Maintain vigilance on industry security threats, assess risks to Hologic products, and manage these risks according to established quality procedures.
• Participate in continuous improvement of our Secure by Design principles and implementation, ensuring adherence to security standards and best practices.
• Support the creation and maintenance of security design documentation and architecture diagrams.
• Collaborate with cross-functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle.
• Define security requirements and controls based on specific use cases and threat models.
• Perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety.
• Perform Security Risk Management activities to address identified vulnerabilities and security design issues, including regular review and assessment of risk against CVEs.
• Establish automated processes for vulnerability scanning and remediation.
• Educate the development and leadership teams on securing products, remote connectivity solutions, and their operating environments.
• Work with cross-functional teams to ensure that SBOMs are correct and can be used as part of our continuous vulnerability monitoring process.
• Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.
• Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.
• Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports.
Compensation: $160,000/hr to $175,000/hr. Exact compensation may vary based on several factors, including skills, experience, and education.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected]. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related engineering equivalent.
• Minimum of 8 - 12 years of professional experience in product security/cybersecurity engineering.
• Demonstrated competency in cybersecurity education and training through certifications (e.g., CISSP, CompTIA Security+, etc.).
• Skilled in performing Risk Assessment and Management planning.
• Skilled in writing design documentation and standard operating procedures.
• Experience working in an FDA regulated environment is required.
• Thorough familiarity with FDA and other regulatory body Cybersecurity Guidelines and cybersecurity standards such as NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities.
• Familiarity with Windows OS and cloud-based solutions is required.
• Expertise with security frameworks and testing tools, and how to incorporate the results of those into cybersecurity requirements for the Product Development team.
• Proficiency in scripting and simple test automation (e.g., PowerShell, Python).
• Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions.
• Maintain current knowledge of FDA and other regulatory bodies' cybersecurity guidance and standards, such as ISO, IEC, NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities.
• Assist in translating cybersecurity requirements into product requirements for new and existing product designs, as well as assisting with the definition of verifications for traceability.
• Assist with efforts to establish penetration testing suites for continuous testing and monitoring of our product solution.