[Remote] Senior Product Vulnerability Engineer (Medical Device Cybersecurity)
Note: This is a remote job and is open to candidates in the USA. QvalFocus Inc. is seeking an experienced Product Vulnerability Engineer to support cybersecurity activities for connected medical devices throughout the product lifecycle. The ideal candidate will be responsible for performing cybersecurity vulnerability assessments, conducting threat modeling, and ensuring compliance with various cybersecurity standards and regulations.
Responsibilities
- Perform cybersecurity vulnerability assessments on hardware, software, firmware, and connected medical devices
- Conduct threat modeling, security risk assessments, and vulnerability analysis
- Review and prioritize vulnerabilities using CVE, CVSS, CWE, and OWASP methodologies
- Perform SAST, DAST, penetration testing, firmware security analysis, and network security testing
- Review SBOMs and assess third-party software component risks
- Support secure product development lifecycle (SPDLC) activities
- Develop cybersecurity documentation, risk assessments, remediation plans, and compliance deliverables
- Collaborate with Software, Systems, Hardware, Quality, Regulatory, and Risk Management teams
- Ensure compliance with FDA Cybersecurity Guidance, IEC 81001-5-1, IEC 62304, ISO 14971, and NIST Cybersecurity Framework
Skills
- Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, Electrical Engineering, or related field
- 5+ years of cybersecurity experience
- 3+ years supporting medical devices, healthcare products, embedded systems, or regulated products
- Experience performing vulnerability assessments, threat modeling, security risk analysis, and product security reviews
- Strong knowledge of Medical Device Cybersecurity
- Strong knowledge of FDA Cybersecurity Guidance
- Strong knowledge of IEC 81001-5-1
- Strong knowledge of IEC 62304
- Strong knowledge of ISO 14971
- Strong knowledge of CVE, CVSS, CWE
- Strong knowledge of OWASP
- Strong knowledge of MITRE ATT&CK
- Strong knowledge of NIST Cybersecurity Framework
- Strong knowledge of SBOM Review
- Strong knowledge of Secure Product Development Lifecycle (SPDLC)
- Strong knowledge of Embedded Systems Security
- Strong knowledge of Network Security
- Strong knowledge of Vulnerability Management
- Strong knowledge of Security Risk Management
- Experience with Fortify, Checkmarx, SonarQube, Nessus, Burp Suite, Wireshark, Qualys, and security scanning tools
- Experience supporting connected medical devices, diagnostics, imaging systems, or healthcare products
- CISSP, CEH, OSCP, GICSP, or Security+ certifications are a plus