Apolis · 1 week ago
Medical Device Cybersecurity Engineer.
Apolis is a company seeking a Medical Device Cybersecurity Engineer to ensure compliance with FDA cybersecurity requirements for medical devices. The role involves supporting risk management activities throughout the device lifecycle and contributing to regulatory submissions and inspections.
Consulting, Enterprise Applications, Enterprise Resource Planning (ERP), Information Technology, IT Infrastructure, IT Management, Mobile, Software, Web Hosting
Responsibilities
Ensure compliance with FDA medical device cybersecurity requirements, including FDA Premarket Cybersecurity Guidance and FDA Post-market Cybersecurity Guidance
Support cybersecurity content for 510(k) including: Cybersecurity risk assessments, Threat model, Security architecture descriptions, Software Bill of Materials (SBOM), Threat & Vulnerability Assessment
Maintain cybersecurity documentation within the Design History File (DHF) and Risk Management File (RMF)
Support FDA inspections, audits, and responses related to cybersecurity
Perform cybersecurity risk management activities in accordance with ISO 14971
Identify cybersecurity hazards that could lead to patient harm or device malfunction
Define and implement cybersecurity risk controls and verify their effectiveness
Ensure cybersecurity requirements are incorporated into design inputs, design outputs, and design verification and validation activities
Support secure design reviews and change control processes
Monitor and assess cybersecurity vulnerabilities affecting medical devices, including third-party and open-source software
Support coordinated vulnerability disclosure processes in alignment with FDA expectations
Participate in post-market surveillance, complaint handling, and CAPA activities related to cybersecurity
Support incident response activities and field corrective actions as needed
Evaluate and implement security controls, including: Authentication and authorization, Encryption and key management, Secure boot and firmware integrity, Logging and audit trails
Conduct or support penetration testing, threat modeling, and security testing
Assess cybersecurity risks associated with cloud services, mobile applications, and networked medical devices
Review supplier documentation related to cybersecurity and SBOMs
Ensure supplier cybersecurity risks are documented and mitigated per quality system requirements
Qualification
Required
Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, Electrical Engineering, or related field
Minimum 8 years of experience in cybersecurity, with experience in medical devices
Demonstrated knowledge of FDA medical device cybersecurity guidance
Demonstrated knowledge of ISO 13485 and ISO 14971
Experience with cybersecurity risk assessments and regulatory documentation
Preferred
Medical Embedded Devices
VAPT (Hardware, Firmware)
Design History File (DHF)
Risk Management File (RMF) Documentation
Threat Modeling
SAST
DAST
SBOM and SOUP Analysis
SCA
FDA Regulations
510K
Company
Apolis
Apolis is an IT consultancy that provides ERP solutions, hosting, assessment, web and mobile, IT staffing and IT workforce solutions.
H1B Sponsorship
Apolis has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2023 (15)
2022 (15)
2021 (12)
2020 (122)
Funding
Current Stage
Late Stage
Company data provided by Crunchbase