Engineer 4 - Pioneer Data Systems
Raynham, MA 02767
About the Job
Position Details:
Our client, a world-leading Pharmaceutical Company in Raynham, MA is currently looking for an Embedded Software Security Engineer to join their expanding team.
Job Title: Embedded Software Security Engineer / Medical Devices / REMOTE WORK
Duration: 10 months contract, extendable up to 24 months
Location: Remote Worker
Client Location: Raynham, MA
Note:
The client has the right-to-hire you as a permanent employee at any time during or after the end of the contract.
You may participate in the company group medical insurance plan
Job Description:
Job Title: Product Security Engineer (Medical Devices & Embedded Systems)
Location:
Remote
Summary:
The Product Security Engineer will be responsible for the implementation of client's enterprise Product Security strategy and framework throughout the orthopedics portfolio. This includes identifying key strategy and goals, collaborating with internal organizations to enhance existing processes and policies, creating and communicating metrics to senior management, and driving overall awareness of the capability.
Specific responsibilities include supporting Client and R&D teams throughout new product development phases, reviewing product security requirements, and recommending security design solutions.
The role also involves assisting with the completion of Quality documentation, performing threat modeling, penetration testing, software architecture review, and providing design recommendations.
The engineer will conduct code analysis and other security testing as needed. Additionally, post-market responsibilities for Client marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, and responding to customer security questionnaires and reviewing security language within contractual agreements.
Key Responsibilities:
Support Global Product Security Framework:
Contribute to and enhance the global security strategy, frameworks, and initiatives to ensure embedded medical devices are developed with the highest security standards.
Collaboration & Process Improvement:
Partner with internal organizations (engineering, product management, compliance) to improve existing security processes and policies related to medical device development and post-market support.
Metrics & Reporting:
Create, track, and present Product Security metrics to senior management, providing insights into security posture and progress towards goals.
Governance & Compliance:
Help carry out the Product Security governance model for both pre-market and post-market devices, ensuring compliance with regulatory standards (FDA, 510k, etc.) and industry best practices.
Vulnerability Management & Remediation:
Manage and prioritize vulnerabilities across the product portfolio, assisting engineering teams in developing and executing effective remediation plans.
Due Diligence & Threat Modeling:
Conduct due diligence activities, threat modeling, and risk assessments for new and existing products to identify potential security gaps.
Secure Software Development:
Provide recommendations on secure coding practices, review code, and advise engineering teams on securing embedded applications (e.g., C/C++, C#).
Customer & Vendor Interactions:
Respond to customer security questionnaires, contractual language requirements, and ensure compliance with relevant security standards.
Security Awareness & Communication:
Lead and deliver Product Security awareness campaigns, training, and communications across the organization.
Post-Market Security Activities:
Monitor and respond to new vulnerabilities in Client marketed devices, assist with patching and remediation efforts, and collaborate on customer security questionnaires and contractual obligations.
Other Duties:
Perform additional security-related tasks as assigned.
Qualifications:
Education:
Minimum of a Bachelor's degree in Computer Science, Engineering, or a related field is required; MS or advanced degree is preferred.
Experience: A minimum of 6 years in security and/or embedded software engineering functions, with a focus on product security in regulated environments (medical devices is a plus).
Technical Skills:
In-depth knowledge of real-time operating systems (e.g., QNX, Linux, Windows Embedded) and hardening techniques.
Strong understanding of embedded systems security, including secure software development, secure coding practices, and vulnerability management.
Experience with vulnerability scanning, penetration testing, and risk assessment tools (CVSS, OWASP, etc.).
Proficiency in at least one programming language (e.g., C, C++, C#) and experience with secure code reviews.
Knowledge of Software Bill of Materials (SBOM) and how it relates to security and compliance.
Security & Regulatory Expertise:
Understanding of medical device security requirements, including FDA regulations, 510k submissions, and Quality Design Control processes.
Familiarity with threat modeling, risk management frameworks, and vulnerability management for medical devices.
Communication & Leadership Skills:
Strong interpersonal and collaboration skills with the ability to communicate complex technical concepts to non-technical stakeholders.
Proven ability to influence cross-functional teams to drive security improvements and achieve desired outcomes.
Experience creating and presenting security metrics and reports to senior management.
Certifications (preferred, not required):
CISSP, CEH, MCSD, CSSLP, or similar security certifications.
Additional Skills:
Familiarity with cloud-based IoT solutions is preferred.
Creative problem-solving skills with a customer-focused mindset (both internal and external).
A strategic thinker with strong attention to detail and the ability to align tactical initiatives with broader organizational goals.
Our client, a world-leading Pharmaceutical Company in Raynham, MA is currently looking for an Embedded Software Security Engineer to join their expanding team.
Job Title: Embedded Software Security Engineer / Medical Devices / REMOTE WORK
Duration: 10 months contract, extendable up to 24 months
Location: Remote Worker
Client Location: Raynham, MA
Note:
The client has the right-to-hire you as a permanent employee at any time during or after the end of the contract.
You may participate in the company group medical insurance plan
Job Description:
Job Title: Product Security Engineer (Medical Devices & Embedded Systems)
Location:
Remote
Summary:
The Product Security Engineer will be responsible for the implementation of client's enterprise Product Security strategy and framework throughout the orthopedics portfolio. This includes identifying key strategy and goals, collaborating with internal organizations to enhance existing processes and policies, creating and communicating metrics to senior management, and driving overall awareness of the capability.
Specific responsibilities include supporting Client and R&D teams throughout new product development phases, reviewing product security requirements, and recommending security design solutions.
The role also involves assisting with the completion of Quality documentation, performing threat modeling, penetration testing, software architecture review, and providing design recommendations.
The engineer will conduct code analysis and other security testing as needed. Additionally, post-market responsibilities for Client marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, and responding to customer security questionnaires and reviewing security language within contractual agreements.
Key Responsibilities:
Support Global Product Security Framework:
Contribute to and enhance the global security strategy, frameworks, and initiatives to ensure embedded medical devices are developed with the highest security standards.
Collaboration & Process Improvement:
Partner with internal organizations (engineering, product management, compliance) to improve existing security processes and policies related to medical device development and post-market support.
Metrics & Reporting:
Create, track, and present Product Security metrics to senior management, providing insights into security posture and progress towards goals.
Governance & Compliance:
Help carry out the Product Security governance model for both pre-market and post-market devices, ensuring compliance with regulatory standards (FDA, 510k, etc.) and industry best practices.
Vulnerability Management & Remediation:
Manage and prioritize vulnerabilities across the product portfolio, assisting engineering teams in developing and executing effective remediation plans.
Due Diligence & Threat Modeling:
Conduct due diligence activities, threat modeling, and risk assessments for new and existing products to identify potential security gaps.
Secure Software Development:
Provide recommendations on secure coding practices, review code, and advise engineering teams on securing embedded applications (e.g., C/C++, C#).
Customer & Vendor Interactions:
Respond to customer security questionnaires, contractual language requirements, and ensure compliance with relevant security standards.
Security Awareness & Communication:
Lead and deliver Product Security awareness campaigns, training, and communications across the organization.
Post-Market Security Activities:
Monitor and respond to new vulnerabilities in Client marketed devices, assist with patching and remediation efforts, and collaborate on customer security questionnaires and contractual obligations.
Other Duties:
Perform additional security-related tasks as assigned.
Qualifications:
Education:
Minimum of a Bachelor's degree in Computer Science, Engineering, or a related field is required; MS or advanced degree is preferred.
Experience: A minimum of 6 years in security and/or embedded software engineering functions, with a focus on product security in regulated environments (medical devices is a plus).
Technical Skills:
In-depth knowledge of real-time operating systems (e.g., QNX, Linux, Windows Embedded) and hardening techniques.
Strong understanding of embedded systems security, including secure software development, secure coding practices, and vulnerability management.
Experience with vulnerability scanning, penetration testing, and risk assessment tools (CVSS, OWASP, etc.).
Proficiency in at least one programming language (e.g., C, C++, C#) and experience with secure code reviews.
Knowledge of Software Bill of Materials (SBOM) and how it relates to security and compliance.
Security & Regulatory Expertise:
Understanding of medical device security requirements, including FDA regulations, 510k submissions, and Quality Design Control processes.
Familiarity with threat modeling, risk management frameworks, and vulnerability management for medical devices.
Communication & Leadership Skills:
Strong interpersonal and collaboration skills with the ability to communicate complex technical concepts to non-technical stakeholders.
Proven ability to influence cross-functional teams to drive security improvements and achieve desired outcomes.
Experience creating and presenting security metrics and reports to senior management.
Certifications (preferred, not required):
CISSP, CEH, MCSD, CSSLP, or similar security certifications.
Additional Skills:
Familiarity with cloud-based IoT solutions is preferred.
Creative problem-solving skills with a customer-focused mindset (both internal and external).
A strategic thinker with strong attention to detail and the ability to align tactical initiatives with broader organizational goals.
Source : Pioneer Data Systems