Product Security Architect (Medical Device)
About the Role
Overview
We are seeking a Senior Product Security Architect to lead security architecture and security engineering governance for a medical device dispensing business unit. The dispensing portfolio includes FDA Class I and Class II medical devices and their associated cloud-connected platforms.
This role focuses on risk-based security that ensures patient safety, data protection, and regulatory readiness.
Role Focus
- Apply risk-proportionate security controls
- Emphasize secure-by-design and secure-by-default
- Enable efficient FDA submissions (510(k), De Novo)
- Balance usability, workflow, and security
Key Responsibilities
Security Architecture & Design
- Define end-to-end security architecture across devices, applications, and cloud platforms
- Establish baseline security patterns (authentication, encryption, secure updates)
- Conduct threat modeling, risk assessments, requirements/controls mapping, and security white papers
- Lead and drive security design reviews and roadmap mitigations
Secure SDLC
- Implement a lean Secure SDLC aligned to NIST, OWASP, and BSIMM
- Integrate SAST, SCA, secrets scanning, container and IaC scanning
- Define minimum viable security gates
Regulatory & Compliance
- Support FDA cybersecurity documentation (threat models, SBOMs, risk assessments)
- Align with IEC 62304 and ISO 14971
- Ensure audit-ready documentation
Cloud Security
- Architect secure integrations with cloud platforms
- Secure device-to-cloud data flows
SBOM & Vulnerability Management
- Establish SBOM processes (SPDX, CycloneDX)
- Implement continuous vulnerability monitoring
- Define risk-based remediation SLAs
Cross-Functional Leadership
- Collaborate with engineering, quality, regulatory, and product teams
- Translate security into patient safety and business risk
- Mentor teams
Required Qualifications
- 10+ years of cybersecurity experience
- Experience with FDA Class I and/or Class II medical devices
- Knowledge of embedded, cloud, and application security
- Familiarity with FDA submissions
Preferred Qualifications
- Experience with IoMT ecosystems
- Knowledge of FDA Cybersecurity Pre- and Post‑Market Guidance, UL 2900, AAMI TIR57/TIR97
- DevSecOps experience
- Certifications such as CISSP, CCSP, or CSSLP
Key Competencies
- Ability to right-size security controls
- Strong risk-based decision-making skills
- Ability to communicate effectively across technical and non-technical teams
Success Metrics
- SBOM completeness
- Reduction in critical vulnerabilities
- FDA submission success
- Time-to-remediate vulnerabilities
Location
Candidates must be located in, or able to work within, the Orange County / San Diego metropolitan area.

SAN-TT1455126_1776273373
Beacon Hill is an Equal Opportunity Employer that values the strength diversity brings to the workplace. Individuals with Disabilities and Protected Veterans are encouraged to apply.
Founded by industry leaders to set a new standard in search, career placement and flexible staffing, we deliver coordinated staffing solutions with unparalleled service, and a passion for innovation, creativity and continuous improvement.
Our niche brands offer a complete suite of staffing services to emerging growth companies and the Fortune 500 across market sectors, career specialties/disciplines and industries. Over time, office locations, specialty practice areas and service offerings will be added to address ever changing constituent needs.
We look forward to working with you.