Apply on Employer Site

Arthrex · 7 hours ago

Remote (PST)-Engineer Sr 1 - Embedded Product Security

United States

Full-time

Remote

Senior Level

$100K/yr - $181K/yr

5+ years exp

Arthrex is shaping the future of healthcare by building medical devices. They are seeking a Senior Embedded Product Security Engineer to secure the next generation of connected and IoT medical technology, ensuring every device is secure and trusted while collaborating with product design teams.

Health CareMedical Device

Comp. & Benefits

H1B Sponsor Likely

Responsibilities

Lead and take ownership of product security across a product line

Architect security solutions for embedded systems and IoT devices

Drive security initiatives for advanced technologies - including robotics and AI / Machine Learning driven systems

Hunt vulnerabilities, assess risk, and design countermeasures that keep attackers at bay

Drive Security-by-Design and Privacy-by-Design principles across development

Work closely with Legal, Compliance, Regulatory, and Enterprise IT to align product security with international regulations and organizational policies

Represent Arthrex at premier security events like DEF CON, Black Hat, and Health-ISAC Conferences

Document and champion our Secure Product Development Framework

Designs security architecture of components or functional systems and modifies existing designs to develop or improve products

Recommends alterations to development and design to improve the security of products and/or procedures

Contributes to a broader design perspective and considers how an application interacts with the underlying infrastructure or external resources

Develops threat scenarios and designs responses for associated vulnerabilities to mitigate risk

Maintains design history file for assigned projects, adhering to Arthrex design control procedures

Determines the necessity of security testing and initiates testing of assigned products

Provides Regulatory department technical support for assigned projects as needed

Supports Marketing and Product Management with technical information to be used for training and marketing of assigned products

Supports Software Engineering to design and develop components, processes, and training using Security-by-Design and Privacy-by-Design principles

Supports surgeon and distributor customers in the sales process by educating and demonstrating security-focused aspects of assigned products as needed

Partner with Legal, Compliance, Privacy, and Information Security departments to ensure products and staff comply with required laws, regulations, and policies

Reports progress and status of assigned projects on a timely basis

May be required to travel; International travel may be required

Qualification

Embedded systems securityIoT securityVulnerability testingSecurity architecture designC/C++ programmingPython programmingCISSP certificationOSCP certificationOSWE certificationCSSLP certificationGIAC certificationRisk assessmentThreat modelingRegulatory complianceLeadership skillsCommunication skillsProject managementTeam collaboration

Required

5+ years in cybersecurity-focused positions spanning software engineering, IoT and SCADA environments, regulated industries (medical device/pharma), or hardware security testing

Bachelor's in Software Engineering, Computer Science, Software focused-Cybersecurity, or related field

A proven track record of leading and owning security for products, influencing design decisions and guiding teams through the full product lifecycle—from concept to global launch

Embrace change and ambiguity as opportunities, ensuring security remains a constant in an environment of rapid innovation

Ability to embed security into every phase of development, ensuring compliance, resilience, and innovation

CISSP, OSCP, OSWE, CSSLP, GIAC certifications are a bonus

Securing Embedded systems, firmware, real-time OS (RTOS), IoT lifecycle

Proficiency in advanced application security methodologies (OWASP Top 10, MITRE CWEs and ATT&CK)

Architecture design, threat modeling, and vulnerability mitigations

Demonstrated experience in SBOMs and third-party software risk management, coupled with building automated CI/CD workflows for embedded systems in C/C++ and Python

Preferred

Yocto project knowledge and embedded development processes

Knowledgeable of FDA and ISO guidelines for the development of medical devices

Project management and communication skills

Proficiency in the use of threat scenarios and risk mitigation techniques

Experience in web application security and controls concepts

Experience in embedded system development, IoT lifecycle, real-time operating systems, firmware, RFID, CANbus, WiFi, or Bluetooth LE

Benefits

Medical, Dental and Vision Insurance

Company-Provided Life Insurance

Voluntary Life Insurance

Flexible Spending Account (FSA)

Supplemental Insurance Plans (Accident, Cancer, Hospital, Critical Illness)

Matching 401(k) Retirement Plan

Annual Bonus

Wellness Incentive Program

Gym Reimbursement Program

Tuition Reimbursement Program

Trip of a Lifetime

Paid Parental Leave

Paid Time Off

Volunteer PTO

Employee Assistance Provider (EAP)

Company

Arthrex

Glassdoor4.0

Arthrex is a global medical device company and leader in new product development and medical education in orthopedics.

Founded in 1981

Naples, Florida, USA

10001+ employees

https://www.arthrex.com/

H1B Sponsorship

Arthrex has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (30)

2024 (22)

2023 (13)

2022 (13)

2021 (9)

2020 (12)