Apply on Employer Site

MicroTransponder · 1 day ago

Principal Cyber Security Engineer

United States

Full-time

Remote

Lead/Staff

8+ years exp

MicroTransponder, Inc. is dedicated to transforming the lives of stroke survivors through its innovative neurostimulation technology. The Principal Cybersecurity Engineer is a senior, hands-on role responsible for architecting, implementing, and operating cybersecurity programs across the corporate IT environment and medical device products. This role involves collaborating with various teams to integrate cybersecurity controls throughout product lifecycles and corporate operations.

Health CareMedicalMedical DeviceNeuroscience

Responsibilities

Design and maintain enterprise cybersecurity architecture, including identity and access management, network security, endpoint protection, and cloud security

Implement and operate security technologies, including SIEM, EDR, vulnerability management, DNS filtering, email security, and network segmentation

Lead incident response, threat hunting, and security automation initiatives to improve detection, response, and recovery capabilities

Establish and lead the product security program for medical devices across their lifecycle in collaboration with R&D, Quality, and Regulatory teams

Conduct security risk assessments, threat modeling, and vulnerability analysis for active implantable medical devices

Facilitate alignment with FDA premarket and postmarket cybersecurity guidance and applicable standards including IEC 81001-5-1, IEC 62443, and ISO 14971

Support postmarket cybersecurity activities, including vulnerability assessment coordinated disclosure, and remediation planning

Develop and maintain cybersecurity policies, procedures, and standards aligned with NIST Cybersecurity Framework, CIS Critical Security Controls, ISO 27001, and medical device regulations

Support regulatory compliance activities related to HIPAA, FDA 21 CFR Part 11, ISO 13485, and IEC 62304

Oversee and guide enterprise patch management practices, including vulnerability prioritization, coordination with IT operations, and validation of remediation for critical systems

Administer and secure the company’s external web hosting environment, including configuration hardening, monitoring, penetration testing, and coordination with hosting vendors

Conduct third-party risk assessments, support internal and external audits, and participate in Design Assurance activities including FMEA

Qualification

Cybersecurity architectureMedical device regulationsSecurity technologiesIncident responseProfessional certificationsCloud securityScripting skillsCross-functional collaborationVulnerability managementSecure SDLC practicesCommunication skills

Required

Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Electrical Engineering, or a related field from an accredited university, or equivalent practical experience

8+ years of progressive cybersecurity experience, with experience in medical devices or other regulated industries strongly preferred

Experience securing enterprise productivity and collaboration environments, including Microsoft 365 and Google Workspace

Deep expertise in enterprise security architecture, identity and access management, cloud security, and security technologies such as SIEM, EDR, vulnerability management, and security driven patching

Experience with product security, medical device regulations including FDA guidance, IEC 81001-5-1, IEC 62443, and ISO 14971, and compliance frameworks such as NIST Cybersecurity Framework, CIS Critical Security Controls, ISO 27001, and HIPAA

Working knowledge of secure software development lifecycle (SDLC) practices

Strong scripting and automation skills (PowerShell, Python, or similar), along with excellent communication skills and the ability to convey technical concepts to non-technical audiences

Demonstrated ability to work effectively with cross-functional teams and manage multiple priorities