Principal Cybersecurity Engineer Permanent

Osseo, Minnesota

Pira Consulting | Professional Technology Staffing Agency
Your responsibilities will include:
  • Interpret and apply relevant cybersecurity standards and regulations (e.g., FDA/CMDE/MDCG Cybersecurity Guidance, IEC 62443, ISO 14971, HIPAA, GDPR) to ensure product compliance.
  • Stay current with emerging regulations and standards related to medical device security (e.g., FDA Premarket Guidance, Post-market Cybersecurity Guidance).
  • Collaborate with product development teams to embed security controls throughout the design, development, and maintenance phases.
  • Lead threat modeling and security risk assessments across the organization, identifying and evaluating potential threats and vulnerabilities.
  • Elicit and define product security needs and requirements; define product security architectures and design specifications, and verification and validation strategies.
  • Conduct vulnerability assessments, fuzzing and penetration testing to identify and mitigate risks.
  • Establish best practices and processes for secure coding, configuration management, and patching.
  • Develop and implement risk mitigation strategies and maintain risk management documentation.
  • Oversee and enhance incident response plans and processes, ensuring rapid and effective resolution of security incidents.
  • Drive continuous improvement of vulnerability management, including the evaluation and deployment of necessary patches or updates.
  • Work closely with internal stakeholders (Software Development, Quality, Regulatory, IT, etc.) to align on security goals and requirements.
  • Present cybersecurity findings, reports, and recommendations to senior leadership, regulators, and external auditors.
Required qualifications:
  • Bachelor's or Master's degree in Cybersecurity, Computer Science, Computer Engineering, or a related field.
  • 9+ years of experience in cybersecurity engineering, with a focus on product development and risk management.
  • Proven experience leading security design and architecture reviews for complex, embedded medical devices or similar technologies.
  • Demonstrated track record of creating and executing security risk assessments and mitigation strategies.
  • In-depth understanding of cybersecurity frameworks (e.g., NIST Cybersecurity Framework).
  • Understanding of privacy regulations (HIPAA, GDPR) and their intersection with medical device cybersecurity.
  • Strong leadership, decision-making, and team-building capabilities.
  • Excellent written and verbal communication skills for interfacing with technical teams, stakeholders, and executive leadership.
  • Ability to work collaboratively across multidisciplinary teams, bridging gaps between technical, regulatory, and business functions.
Preferred qualifications:
  • Years of experience working in the medical device industry or a similarly regulated environment; security architecture or medical device administration experience in healthcare settings is also a plus.
  • Hands-on experience with secure coding practices, vulnerability scanning tools, fuzzing, and penetration testing methodologies.
  • Knowledge of embedded systems security, wireless communications, network protocols, and PKI.
  • Familiarity with FDA regulations and guidance documents for medical devices (e.g., 21 CFR Part 820).
  • Working knowledge of SW96/TIR57/TIR97, IEC 62304 (software lifecycle), IEC 60601 (electrical safety), and ISO 14971 (risk management).
  • Experience supporting VA Handbook 6500 compliance and ISO/IEC 27001 certification.
  • Relevant certifications (e.g., GIAC, OffSec, CISSP, CISM, CRISC) are a plus.
Date Posted: 06 May 2025