Nationwide Staffing Agency | Temp & Permanent Placement | Executive Search | Beacon Hill

Product Security Architect (Medical Device)

Overview

We are seeking a Senior Product Security Architect to lead security architecture and security engineering governance for a medical device dispensing business unit. The dispensing portfolio includes FDA Class I and Class II medical devices and their associated cloud-connected platforms.

This role focuses on risk-based security that ensures patient safety, data protection, and regulatory readiness.


Role Focus

  • Apply risk-proportionate security controls
  • Emphasize secure-by-design and secure-by-default
  • Enable efficient FDA submissions (510(k), De Novo)
  • Balance usability, workflow, and security

Key Responsibilities

Security Architecture & Design

  • Define end-to-end security architecture across devices, applications, and cloud platforms
  • Establish baseline security patterns (authentication, encryption, secure updates)
  • Conduct threat modeling, risk assessments, requirements/controls mapping, and security white papers
  • Lead and drive security design reviews and roadmap mitigations

Secure SDLC

  • Implement a lean Secure SDLC aligned to NIST, OWASP, and BSIMM
  • Integrate SAST, SCA, secrets scanning, container and IaC scanning
  • Define minimum viable security gates

Regulatory & Compliance

  • Support FDA cybersecurity documentation (threat models, SBOMs, risk assessments)
  • Align with IEC 62304 and ISO 14971
  • Ensure audit-ready documentation

Cloud Security

  • Architect secure integrations with cloud platforms
  • Secure device-to-cloud data flows

SBOM & Vulnerability Management

  • Establish SBOM processes (SPDX, CycloneDX)
  • Implement continuous vulnerability monitoring
  • Define risk-based remediation SLAs

Cross-Functional Leadership

  • Collaborate with engineering, quality, regulatory, and product teams
  • Translate security into patient safety and business risk
  • Mentor teams

Required Qualifications

  • 10+ years of cybersecurity experience
  • Experience with FDA Class I and/or Class II medical devices
  • Knowledge of embedded, cloud, and application security
  • Familiarity with FDA submissions

Preferred Qualifications

  • Experience with IoMT ecosystems
  • Knowledge of FDA Cybersecurity Pre- and Post‑Market Guidance, UL 2900, AAMI TIR57/TIR97
  • DevSecOps experience
  • Certifications such as CISSP, CCSP, or CSSLP

Key Competencies

  • Ability to right-size security controls
  • Strong risk-based decision-making skills
  • Ability to communicate effectively across technical and non-technical teams

Success Metrics

  • SBOM completeness
  • Reduction in critical vulnerabilities
  • FDA submission success
  • Time-to-remediate vulnerabilities

Location

Candidates must be located in, or able to work within, the Orange County / San Diego metropolitan area.

SAN-TT1455126_1776273373
