Product Security Engineer with Medical Device


Job Location:

Burlington, CO - USA

Monthly Salary: Not Disclosed
Posted on: 8 hours ago
Vacancies: 1 Vacancy

Job Summary

Trident Consulting is seeking a Product Security Engineer for one of our clients in Burlington, MA (Hybrid), a global leader in business and technology services.

 

Please find additional details about the role below:

Job Title: Product Security Engineer

Location: Burlington, MA (Hybrid)

Job Type: Full Time

 

Salary Range: $118K PA to $146K PA with Benefits

Relocation assistance available (up to $10000)

 

What You'll Do:

The Senior Product Security Engineer, based in Burlington, Massachusetts, is a critical, high-level engineering position tasked with leading security efforts across the product lifecycle, ensuring products meet regulatory expectations and industry best practices for cybersecurity. This role provides both hands-on technical expertise and cross-functional leadership, with influence over product strategy, development processes, and post-market security posture.

Security Architecture & Requirements

  • Define security requirements and risk mitigations for new products and features.
  • Translate regulatory and industry security standards (e.g., FDA, ISO 27001, NIST, OWASP) into actionable product requirements.
  • Develop and maintain security architecture diagrams and models for software and integrated systems.

Development Lifecycle Security

  • Embed secure development practices (threat modeling, secure coding, code review standards) into the software development lifecycle.
  • Define and support secure CI/CD practices, including secrets management, dependency management, and supply-chain security.
  • Partner with DevOps/IT to secure cloud infrastructure, build pipelines, and deployment environments.

Testing & Validation

  • Assist the testing team with security testing efforts for new and on-market products, including penetration testing, fuzzing, and static/dynamic code analysis.
  • Update and maintain vulnerability management processes including SBOM creation and maintenance.
  • Collaborate with QA to integrate automated security testing into regression and release pipelines.

Documentation & Compliance

  • Generate and maintain pre-market security documentation to support regulatory submissions (e.g., security risk assessments, security architecture views, threat models, FDA cybersecurity guidance compliance).
  • Maintain records of vulnerability assessments, mitigations, and patch processes.
  • Support audit and inspection readiness with thorough, traceable documentation.

Vulnerability & Incident Management

  • Manage product vulnerability assessment and mitigation activities both pre-market and post-market.
  • Coordinate cross-functional response to newly discovered vulnerabilities, including communication, remediation, and regulatory reporting.
  • Track and monitor vulnerability disclosures from third-party libraries and components.

Cross-Functional Leadership

  • Act as the security subject matter expert across product teams.
  • Provide training and mentoring to engineers on secure design and coding practices.
  • Partner with compliance, regulatory, and quality teams to align product security strategy with organizational goals.

How You'll Get There:

  • 7-10 years total professional experience in software engineering, cybersecurity, or related technical fields.
  • 3-5 years focused on product or embedded system security, ideally within regulated or safety-critical industries (medical device, aerospace, automotive, or defense).
  • Demonstrated experience with:
      • Designing or assessing security architectures for embedded or connected systems.
      • Implementing secure development lifecycle (SDL) practices within engineering teams.
      • Leading or participating in vulnerability management and coordinated disclosure processes.
      • Generating pre-market cybersecurity documentation or equivalent regulatory submissions (e.g., FDA, ISO 14971, IEC).
      • Collaborating cross-functionally (engineering, QA, regulatory, IT) to implement and sustain security programs.

Preferred

  • Prior experience as a product security lead or security point of contact for a commercial medical or industrial product.
  • Experience integrating security testing automation into CI/CD environments.
  • Experience supporting external audits, penetration tests, or third-party security assessments.

Core Product Security Knowledge

  • Secure system and software design principles (least privilege, defense in depth, threat modeling, zero trust).
  • Risk management frameworks: NIST 800-53, NIST 800-30, ISO 27001, ISO 14971, and IEC.
  • Cryptography fundamentals (key management, TLS, symmetric/asymmetric encryption, hashing).
  • Authentication and authorization mechanisms, identity management, and secure session handling.
  • Secure coding standards (e.g., CERT C/C++, OWASP, MISRA, CWE/SANS Top 25).
  • Supply chain security concepts and SBOM management (SPDX, CycloneDX).

DevOps & Infrastructure Knowledge

  • CI/CD security practices, secrets management, container security (Docker, Podman), and artifact signing.
  • Common security testing tools: SAST, DAST, SCA, fuzzers, and pen-testing frameworks.
  • Familiarity with cloud infrastructure (AWS or on-prem Linux environments).
  • Incident response and vulnerability disclosure processes.

Regulatory & Documentation Knowledge

  • FDA cybersecurity premarket and postmarket guidance.
  • Secure update/patch management strategies (aligned with FDA updateability & patchability expectations).
  • Audit-ready documentation practices and traceability to design controls.

Minimum

  • Bachelor's degree in Computer Science, Electrical/Computer Engineering, Cybersecurity, or a related field.

Preferred

  • Master's degree in Cybersecurity, Software Engineering, or Systems Engineering (ideal for regulated product security leadership).

 


Additional Information:

All your information will be kept confidential according to EEO guidelines.


Remote Work:

No


Employment Type:

Contract


About Company

About Trident: Trident Consulting is an award-winning IT/engineering staffing company founded in 2005 and headquartered in San Ramon, CA. We specialize in placing high-quality vetted technology Some of our recent awards include: 2022, 2021, 2020 Inc. 5000 fastest-growing private comp ...