What are the responsibilities and job description for the Product Security Engineer Medical Device position at Source One Technical Solutions?
Source One is a consulting services company and we’re currently looking for the following individual to work as a consultant with our direct client, a medical device manufacturer in Raynham, MA. Fully Remote
No Agency, C2C or Sponsorship
Title : Product Security Engineer Medical Devices & Embedded Systems
Location : Remote
Duration : 12 months, with likely extension
Hourly Rate : $62.00 W2 (Mon-Fri / 40 hours)
MUST HAVE : Understanding of medical device security requirements, including FDA regulations, 510k submissions, and Quality Design Control processes.
Summary :
The Product Security Engineer will be responsible for the implementation of the client's enterprise Product Security strategy and framework throughout the orthopedics portfolio. This includes identifying key strategy and goals, collaborating with internal organizations to enhance existing processes and policies, creating and communicating metrics to senior management, and driving overall awareness of the capability. Specific responsibilities include supporting Client and R&D teams throughout new product development phases, reviewing product security requirements, and recommending security design solutions. The role also involves assisting with the completion of Quality documentation, performing threat modeling, penetration testing, software architecture review, and providing design recommendations. The engineer will conduct code analysis and other security testing as needed. Additionally, post-market responsibilities for Client marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, and responding to customer security questionnaires and reviewing security language within contractual agreements.
Key Responsibilities :
Qualifications :
o In-depth knowledge of real-time operating systems (e.g., QNX, Linux, Windows Embedded) and hardening techniques.
o Strong understanding of embedded systems security, including secure software development, secure coding practices, and vulnerability management.
o Experience with vulnerability scanning, penetration testing, and risk assessment tools (CVSS, OWASP, etc.).
o Proficiency in at least one programming language (e.g., C, C++, C#) and experience with secure code reviews.
o Knowledge of Software Bill of Materials (SBOM) and how it relates to security and compliance.
o Understanding of medical device security requirements, including FDA regulations, 510k submissions, and Quality Design Control processes.
o Familiarity with threat modeling, risk management frameworks, and vulnerability management for medical devices.
o Strong interpersonal and collaboration skills with the ability to communicate complex technical concepts to non-technical stakeholders.
o Proven ability to influence cross-functional teams to drive security improvements and achieve desired outcomes.
o Experience creating and presenting security metrics and reports to senior management.
o CISSP, CEH, MCSD, CSSLP, or similar security certifications.
Additional Skills :
o Familiarity with cloud-based IoT solutions is preferred.
o Creative problem-solving skills with a customer-focused mindset (both internal and external).
o A strategic thinker with strong attention to detail and the ability to align tactical initiatives with broader organizational goals.
Salary : $62