Hologic, Inc. · 2 weeks ago
Lead Product Security Engineer (R&D Cytology)
Hologic, Inc. is a company focused on enabling healthier lives through innovative medical technology. They are seeking a Lead Product Security Engineer to ensure their products meet industry standards and FDA requirements while enhancing security throughout the product lifecycle.
Responsibilities
Maintain vigilance on industry security threats, assess risks to Hologic products, and manage these risks according to established quality procedures
Participate in continuous improvement of our Secure by Design principles and implementation, ensuring adherence to security standards and best practices
Support the creation and maintenance of security design documentation and architecture diagrams
Collaborate with cross-functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle
Define security requirements and controls based on specific use cases and threat models
Perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety
Perform Security Risk Management activities to address identified vulnerabilities and security design issues, including regular review and assessment of risk against CVEs
Establish automated processes for vulnerability scanning and remediation
Educate the development and leadership teams on securing products, remote connectivity solutions, and their operating environments
Work with cross-functional teams to ensure that SBOMs are correct and can be used as part of our continuous vulnerability monitoring process
Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems
Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents
Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports
Qualifications
Required
Bachelor's or Master's degree in Computer Science, Cybersecurity, or related engineering equivalent
Minimum of 8-12 years of professional experience in product security/cybersecurity engineering
Demonstrated competency in Cybersecurity education and training through certifications (e.g., CISSP, CompTIA Security+)
Strong interpersonal skills, with the ability to communicate cybersecurity concepts to a variety of audiences
Skilled in working within cross-functional groups
Skilled in carrying out a Risk Assessment and Management plan
Skilled in writing design documentation and standard operating procedures
Experience working in an FDA regulated environment is required
Thorough familiarity with FDA and other regulatory body Cybersecurity Guidelines and cybersecurity standards such as NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities
Strong verbal & written communication skills
Familiarity with Windows OS and cloud-based solutions is required
Expertise with security frameworks and testing tools, and how to incorporate the results of those into cybersecurity requirements for the Product Development team
Proficiency in scripting and simple test automation (e.g., PowerShell, Python)
Preferred
Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions
Maintain current knowledge of the cybersecurity guidance and standards of the FDA and other regulatory bodies, such as ISO, IEC, NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities
Assist in translating cybersecurity requirements into product requirements for new and existing product designs, as well as assisting with the definition of verifications for traceability
Assist with efforts to establish penetration testing suites for continuous testing and monitoring of our product solution
Benefits
Comprehensive training when you join as well as continued development and training throughout your career
Company
Hologic, Inc.
We’re an innovative medical technology company whose purpose is to enable healthier lives everywhere, every day.
H1B Sponsorship
Hologic, Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (31)
2024 (20)
2023 (15)
2022 (32)
2021 (20)
2020 (14)
Funding
Current Stage: Public Company
Total Funding: $2.87B
2025-10-21 · Private Equity
2025-10-21 · Acquired
2025-07-15 · Post IPO Debt · $2.42B
Company data provided by Crunchbase