Lead Software Engineer Product Security and DevOps
Job Summary
Job Function: Lead Software Engineer
Job Family: Software Engineering
Job Level: P17
Job Summary:
The Lead Software Engineer is a senior individual contributor role focused on building secure, reliable, and maintainable software products in a regulated medical product environment. The role combines product security, hands-on software development, and DevOps practices, with an expected focus of approximately 50% Product Security, 30% Software Development, and 20% DevOps. The engineer will help embed security into the software development lifecycle, contribute to product code and technical design, and support automation, CI/CD, and release readiness activities. This role is best suited for a strong software engineer who has practical security knowledge and can partner with engineering, quality, regulatory, and cybersecurity teams to deliver secure and compliant products.
Key Responsibilities:
- Product Security Engineering: Support secure software development practices across product teams, including security requirements analysis, threat modeling, secure design review, secure coding guidance, vulnerability assessment, and security validation. Help teams identify, prioritize, and remediate security risks in product software, APIs, cloud-connected components, databases, and supporting engineering environments.
- Security Testing and Vulnerability Management: Perform or support security testing activities such as static analysis, dynamic analysis, software composition analysis, dependency review, basic penetration testing support, and vulnerability triage. Work with engineering teams to define remediation actions, verify fixes, and maintain clear evidence for closure.
- Software Development: Design, develop, debug, test, and maintain product software and supporting engineering components using languages such as Java C C or Python. Contribute to technical design, code reviews, defect resolution, and product improvements with a focus on security, quality, reliability, and maintainability.
- DevOps and Automation: Support CI/CD pipelines, build and release automation, source control workflows, automated testing, and integration of security checks into engineering pipelines. Help improve deployment confidence, traceability, and engineering efficiency through practical automation and tooling.
- Documentation and Compliance Support: Prepare and maintain required engineering and security documentation such as threat models, security assessment summaries, test evidence, design notes, vulnerability records, and remediation reports. Support compliance expectations aligned with applicable product security, quality, and regulatory frameworks.
- Cross-Functional Collaboration: Partner with software, systems, quality, regulatory, DevOps, and cybersecurity stakeholders to communicate risks, recommend practical solutions, and drive security and engineering improvements through the development lifecycle.
- Continuous Improvement: Identify opportunities to improve secure development practices, automation, code quality, testing depth, and release readiness. Mentor engineers on secure coding, vulnerability remediation, and practical DevSecOps adoption.
Education and Experience:
- Education: Bachelor's degree in Computer Science, Software Engineering, or a related technical field is required.
- Experience: 8 years of professional experience in software development, product security, DevOps, or related engineering roles. The ideal candidate should have a strong software engineering foundation with practical exposure to secure software development and engineering automation.
- Core Technical Skills: Hands-on experience in at least one major programming language such as Java C C or Python. Working knowledge of secure coding practices, vulnerability remediation, source control, CI/CD concepts, and common software development tools is required.
- Preferred Skills: Experience with regulated product development, medical device software, cloud platforms, container technologies, observability tools, or security testing tools is preferred but not mandatory.
Role Competencies Requirements:
- Product Security: Working knowledge of secure SDLC practices, threat modeling, secure design review, secure coding, vulnerability assessment, and remediation. Familiarity with OWASP Top 10, common vulnerability types, and security testing concepts is expected.
- Software Engineering: Strong ability to design, code, debug, test, and maintain software. Ability to understand product requirements, contribute to technical design, perform code reviews, and deliver reliable implementations.
- DevOps and Automation: Working knowledge of Git-based workflows, CI/CD pipelines, build automation, automated testing, and integration of quality or security checks into development pipelines.
- Systems and Platform Awareness: Basic understanding of operating systems, APIs, networking, databases, and cloud or connected software environments. Ability to troubleshoot issues across code, build pipelines, and supporting environments.
- Regulatory and Quality Mindset: Awareness of documentation, traceability, risk management, and evidence expectations in regulated or quality-driven product development environments. Prior experience with medical device or safety-critical software is a plus.
- Problem Solving: Strong analytical skills with the ability to investigate technical issues, assess risk, recommend practical solutions, and drive issues to closure.
- Collaboration and Communication: Ability to work effectively with software, cybersecurity, DevOps, quality, regulatory, and product teams. Able to explain technical risks and recommendations clearly to both technical and non-technical stakeholders.
Required Experience:
IC
About Company
Fortive Corporation Overview Fortive’s essential technology makes the world stronger, safer, and smarter. We accelerate transformation across a broad range of applications including environmental, health and safety compliance, industrial condition monitoring, next-generation product d ...