Product Security Engineer

One of our clients is looking to add multiple Product Security Analysts on a newly formed Product Security team. This is an exciting opportunity to impact development initiatives that will shape future product development and industry standards. You will own the Product Security process that includes both pre-market and post-market processes engineering teams leverage throughout the product development lifecycle

Primary Duties and Responsibilities

• Partner with engineering teams (cloud, console, pump, etc.) to drive successful adherence to product security program.

• Create, update, and mature product security processes.

• Deliver documentation for pre-market development activities including security plans, architecture and data flow diagrams, threat models, requirements, SBOM, and risk documentation.

• Monitor and drive post-market vulnerability management activities, with adherence to strict timelines.

• Support compliance certification activities, such as SOC2, FedRAMP, ISO 27001, etc.

• Identify, research, evaluate, and integrate new compliance requirements and industry standards/trends into the product security program.

• Maintain relationships with Information Sharing and Analysis Organizations.
Job Qualifications

• Bachelor's degree in Computer Science, Information Systems, or related field.

• 7+ years industry experience in Information Security and/or regulatory compliance

• Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO27001, SOC2, HIPAA, GDPR)

• Experience with security risk management techniques and tactics

• Experience working in a regulated environment, FDA-regulated preferred.

• Strong communication and interpersonal skills