Cybersecurity Engineer

Job Description

We are seeking a Cybersecurity Engineer to join a cutting-edge team developing Class III implantable medical devices. This role is critical to ensuring the security, privacy, and integrity of life-sustaining technologies, including implantable pulse generators, external controllers, and cloud-connected platforms. You will design and implement cybersecurity controls for implantable and external medical devices in compliance with FDA premarket and post-market cybersecurity guidance, ISO/IEC 27001, and UL 2900 standards, as well as conduct threat modeling, vulnerability assessments, and penetration testing across embedded systems, mobile apps, and cloud interfaces.

Other responsibilities include:

Collaborate with R&D, Software, Systems, and Regulatory teams to integrate secure-by-design principles throughout the product development lifecycle.

Develop and maintain security risk assessments, SBOMs (Software Bill of Materials), and incident response plans.

Support regulatory submissions by preparing cybersecurity documentation and responding to agency inquiries.

Monitor emerging threats and vulnerabilities relevant to implantable devices and recommend mitigation strategies.

Contribute to security architecture reviews, code reviews, and secure firmware/software development practices.

REQUIRED SKILLS AND EXPERIENCE

Bachelor’s or Master’s degree in Cybersecurity, Computer Engineering, Electrical Engineering, or related field.

5+ years of experience in cybersecurity engineering, with at least 2+ years in the medical device or regulated industry.

Deep understanding of embedded systems security, wireless communication protocols (e.g., BLE, NFC), and cryptographic methods.

Familiarity with FDA cybersecurity guidance, IEC 62304, ISO 14971, and risk management frameworks (e.g., NIST RMF, MITRE ATT&CK).

Experience with penetration testing tools (e.g., Metasploit, Burp Suite), static/dynamic code analysis, and secure boot/firmware validation.

Strong documentation and communication skills for cross-functional collaboration and regulatory engagement.

Certifications such as CISSP, CEH, or GIAC are a plus.

This is a 12 month contract to hire position that is paying $60-75/hour.

Full-time