Lead Product Security Engineer - Medical Device (No C2C/No Sponsorship/No 1099) jobs in United States

Randstad USA · 2 days ago

Lead Product Security Engineer - Medical Device (No C2C/No Sponsorship/No 1099)

Randstad USA is seeking a Lead Product Security Engineer to join their Software Engineering (R&D) department in the Diagnostics division. The role focuses on enhancing security in medical products and services, ensuring compliance with industry standards and FDA requirements throughout the product lifecycle.
Industries: Consulting, Human Resources, Information Technology, Recruiting
Note: No H1B sponsorship

Responsibilities

Participate in continuous improvement of our Secure by Design principles and implementation, ensuring adherence to security standards and best practices
Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems
Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents
Leverage industry-standard methodologies (e.g., STRIDE, PASTA) to apply threat modeling to our medical products
Support the creation and maintenance of security design documentation and architecture diagrams
Collaborate with cross-functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle
Define security requirements and controls based on specific use cases and threat models
Establish automated processes for vulnerability scanning and perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety, leveraging CVSS as the baseline
Work with cross-functional teams to ensure that SBOMs are correct and can be used as part of our continuous vulnerability monitoring process
Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports

Qualifications

Skills: Product security engineering, Cybersecurity frameworks, Risk assessment, Scripting automation, Medical device security, Windows OS, Linux OS, Networking protocols, Design documentation, Interpersonal skills, Cross-functional collaboration

Required

Bachelor's or Master's degree in Computer Science, Cybersecurity, or related engineering equivalent
Minimum of 8 - 12 years of professional experience in product security or cybersecurity engineering
Strong interpersonal skills, with the ability to communicate cybersecurity concepts to a variety of audiences
Skilled in working within cross-functional groups
Skilled in performing risk assessments and writing risk management plans
Skilled in writing design documentation and standard operating procedures
Experience with Windows OS and Linux, including implementing system hardening, is required
Experienced in networking devices (e.g., switches, routers, firewalls) and protocols (e.g., TCP/IP)
Expertise with security frameworks and testing tools, and with incorporating their results into cybersecurity requirements for the Product Development team
Proficiency in scripting and simple test automation (e.g., PowerShell, Python)

Preferred

Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions
Thorough familiarity with FDA and other regulatory-body cybersecurity guidelines and with cybersecurity standards such as NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, state and federal security standards, and ACTS for premarket and post-market activities
Assist in translating cybersecurity requirements into product requirements for new and existing product designs, and in defining verifications for traceability
Assist with efforts to establish penetration testing suites for continuous testing and monitoring of our product solutions

Company

Randstad USA

Randstad US is a wholly owned subsidiary of Randstad Holding nv, a global provider of human resources solutions.

Funding

Current Stage
Late Stage

Leadership Team

Lindsay Bennett - Executive Business Partner to CEO, North America
Traci Fiatte - CEO, Professional and Commercial Staffing
Company data provided by crunchbase