Security Engineer

Job Title: Security Engineer
Location: Hybrid – Marlborough, MA or San Diego, CA
Duration: 6+ Months contract (Possibilities of Extension)

Pay Range: $60.10 - $86.53/hr. on W2

Job Summary:
Our Software Engineering (R&D) department in the Diagnostics division is seeking a Lead Product Security Engineer to serve as the cybersecurity subject matter expert (SME) for our Cytology R&D team. This role ensures that products meet industry standards and FDA requirements throughout the product lifecycle, including post-market activities. The position involves collaborating with cross-functional teams to integrate security into design, development, and operations, and building robust security processes for medical devices and instruments.
 
Key Responsibilities:

• Support the creation and maintenance of security design documentation and architecture diagrams.
• Collaborate with Product Engineering, DevSecOps, Regulatory, and Quality teams to integrate security into the product lifecycle.
• Define security requirements and controls based on use cases and threat models.
• Establish automated vulnerability scanning processes and perform regular risk analyses, prioritizing uncontrolled risks with potential impacts on patient safety using ClientS as the baseline.
• Ensure SBOMs are accurate and usable for continuous vulnerability monitoring.
• Work with DevSecOps and Software Engineers to review static code analysis and third-party software assessment reports.
• Assist in translating cybersecurity requirements into product requirements for new and existing products.
• Support efforts to establish penetration testing suites for continuous testing and monitoring.

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related engineering equivalent.
• 8–12 years of professional experience in product security or cybersecurity engineering.
• Strong interpersonal skills with the ability to communicate cybersecurity concepts to diverse audiences.
• Skilled in cross-functional collaboration.
• Proficient in performing risk assessment and management planning.
• Experienced in writing design documentation and standard operating procedures.
• Experienced in Windows OS and Linux, including system hardening.
• Knowledgeable with networking devices (switches, routers, firewalls) and protocols (TCP/IP).
• Familiarity with security frameworks and testing tools, and applying results to product cybersecurity requirements.
• Proficient in scripting and test automation (PowerShell, Python).

• Collaborate with Program Management and Regulatory teams for audits and FDA submissions.
• Familiarity with FDA and other regulatory cybersecurity guidelines and standards (NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, ACTS).
• Assist with verification definitions for traceability in product designs.
• Support the establishment of penetration testing suites for continuous security monitoring.