Security Engineer

Responsibilities:

• Security Engineering Services: Security Engineer to serve as a XFN security partner on various projects, focusing on the development and implementation of secure software and hardware solutions for medical devices, specifically smart glasses and medical device software.
• The successful candidate will be responsible for ensuring the security and integrity of our products, protecting sensitive patient data, and ensuring compliance with relevant regulations and industry standards.
• Author cybersecurity management plans, and other security deliverables required to support regulatory submissions (510(k), DeNovo, CE, etc) of RL medical device products
• Conduct security risk assessments and vulnerability testing to identify potential security threats and vulnerabilities in our products.
• Develop and implement security controls, such as encryption, access controls, and secure communication protocols, to mitigate identified risks.
• Work with the software and hardware development teams to ensure that security is integrated into the design and development and HW/SW architecture for medical device products
• Provide security-focused guidance and training to other team members to ensure that security is a top priority across all medical device programs
• Work closely with 3rd party test labs to ensure that security testing and validation is executed and completed to support product timelines
• Collaborate with the legal, SWE, program management, and medical device compliance teams to ensure that our products comply with relevant regulations and industry standards, such as HIPAA, FDA, and GDPR.
• Participate in incident response and security incident management
• Requirements:
• Bachelor s degree in computer science, Cybersecurity, or related field
• 8 years of combined experience in software development, security engineering and security regulatory and compliance, with at least 5 years of experience in security engineering
• Strong understanding of security principles, threat modeling, and risk assessment
• Experience with secure coding practices, vulnerability remediation, and security testing
• Familiarity with regulatory requirements for medical devices (e.g., FDA, CE)
• Experience with mobile application security domain and issues (both Android and iOS)
• Experience with embedded systems/IoT devices a plus.