Product Security Manager

TL;DR

Product Security Manager: Ensuring robust protection of patient data, device integrity, and regulatory compliance across the product lifecycle with an accent on FDA cybersecurity requirements, CSRAs, and threat modeling for medical device hardware, firmware, software, and cloud components. Focus on building security documentation, managing SBOM and data flow diagrams, coordinating vulnerability management and remediation, and supporting incident response while partnering with engineering, product management, regulatory, quality, and privacy teams.

Company

hirify.global is a digital healthcare company building trusted solutions to detect, predict, and prevent disease using wearable biosensors and cloud-based analytics.

What you will do

• Ensure FDA cybersecurity compliance by partnering with Cybersecurity, Regulatory, Quality, and Systems Development teams.
• Conduct security risk assessments, including Cybersecurity Risk Assessments (CSRAs), across device hardware, firmware, software, and cloud components.
• Develop and maintain device-specific cyber threat models, including data privacy, patient safety, and operational continuity considerations.
• Manage SBOM and produce security documentation for pre- and post-market activities, supported by data flow diagrams.
• Participate in security design reviews and provide actionable security requirements for medical device architectures and implementations.
• Coordinate vulnerability analysis and vulnerability management (scanning, patching, remediation), and support investigation and remediation of device-related security incidents.

Requirements

• 6+ years of information security experience with direct focus on product security for medical devices.
• Demonstrated experience conducting Cybersecurity Risk Assessments (CSRAs), vulnerability analysis, and working with threat detection tools (e.g., Veracode, Snyk, GitLab or equivalent).
• Strong familiarity with NIST cybersecurity frameworks and controls, including NIST SP 800-171, NIST SP 800-53, NIST SP 800-92, and NIST SP 800-63.
• Hands-on experience with vulnerability identification and threat modeling in healthcare using methodologies such as STRIDE.
• Experience operating in a regulated environment (FDA, HIPAA, GDPR, and international regulatory frameworks) and supporting 510(k) submissions with product security documentation and risk assessments.
• Experience with medical device hardware and/or Software as a Medical Device (SaMD), plus medical device software development and regulatory processes.

Culture & Benefits

• Remote work based in the US.
• Estimated pay range: $127,000.00–$165,000.00 (final compensation may vary by factors including work location).
• Inclusive workforce and equal opportunity employer.
• Reasonable accommodations available for qualified applicants with disabilities during the application process.

Hiring process

• Interviews and hiring communications come from an @hirify.globaltech.com email address.
• Written offers are extended via a formal offer letter from an @hirify.globaltech.com email address.