Senior Product Security Engineer (Medical Devices)

TL;DR

Senior Product Security Engineer (Medical Devices): Ensuring protection of patient data and device integrity for cardiac health solutions with an accent on FDA cybersecurity compliance and risk management. Focus on conducting Cybersecurity Risk Assessments (CSRAs), developing threat models using STRIDE, and ensuring regulatory alignment across hardware and cloud components.

Location: Remote (US)

Salary: $127,000 - $165,000

Company

hirify.global is a leading digital healthcare company creating wearable biosensors and cloud-based analytics to detect, predict, and prevent cardiac disease.

What you will do

• Ensure compliance with FDA cybersecurity guidance and regulations in collaboration with cross-functional teams.
• Conduct comprehensive Cybersecurity Risk Assessments (CSRAs) for device hardware, firmware, software, and cloud components.
• Develop and maintain device-specific cyber threat models focusing on patient safety, data privacy, and operational continuity.
• Manage Software Bill of Materials (SBOM) and produce detailed data flow diagrams to support threat modeling.
• Perform vulnerability analysis and coordinate the vulnerability management program, including scanning and patching.
• Partner with Privacy teams to ensure strict adherence to HIPAA, GDPR, and other data protection regulations.

Requirements

• 6+ years of experience in information security with a direct focus on product security for medical devices.
• Must be based in the US.
• Bachelor's degree in Computer Science, Information Security, or a related field.
• Proven experience with CSRAs, vulnerability analysis, and tools such as Veracode, Snyk, or GitLab.
• Deep knowledge of NIST Cybersecurity Frameworks (specifically SP 800-171, 800-53, 800-92, and 800-63).
• Experience supporting 510(k) submissions and operating within FDA and HIPAA regulated environments.

Nice to have

• Industry certifications such as CISSP, CISM, or CISA.
• Experience with international standards including EU MDR, JIS T 2304, or IEC 62304.
• Proficiency with penetration testing methodologies and tools.
• Strong programming skills common in medical device development.

Culture & Benefits

• Inclusive workforce that celebrates diverse backgrounds and perspectives.
• Opportunity to work on career-defining technology that meaningfully impacts global cardiac health.
• Rapidly growing company offering significant opportunities for learning and career advancement.
• Flexible remote work arrangement within the US.