Product Security Engineer

Company: Align Technology, Inc

Location: Morrisville, NC 27560

Description:

Department: R&D

Employment Type: Full Time

Location: US-North Carolina-Raleigh

Reporting To: Sr. Manager, Product Security

Description

Align is looking for a Product Security Engineer in Technology Governance and Compliance for our Raleigh location. The Product Security Engineer should have exceptional skills in privacy and security by design, formal standards documentation, information security or application security, and the product development life cycle for medical devices, along with experience in risk management and project management. This role will report directly to the Senior Manager, Product Security and will collaborate with the Information Security; Technology Governance, Risk, and Compliance; Regulatory Affairs and Quality Assurance; and Product Research and Development teams to ensure every medical device launched, both hardware and software, is as secure as it can be and to increase the assurance levels of security in the infrastructure underlying all our products. This team will also focus on increasing the capabilities of each product team to develop more secure products by design and by default, from patterns, tools and frameworks to increasing the skill level of development teams. In this role, you will analyze data, surface trends, and ensure compliance with product security regulatory requirements for software in a medical device or software as a medical device.

Key Responsibilities
  • Coordinate with cross-functional teams for medical device security requirements throughout the total product lifecycle such as risk assessment, security testing (SAST, DAST, SCA, penetration testing), and publication of product security collaterals.
  • Perform and participate in medical device security risk assessments to include threat modeling, security design controls, mitigations, and publication of assessment reports.
  • Support Regulatory Affairs and Quality Assurance teams with regulatory submissions to include US FDA, EU MDR, China NMPA and other international regulatory bodies.
  • Actively engage with development teams to include review of architecture flows, data flows, and system or software design requirements for compliance with product security regulatory requirements for medical devices.
  • Assess conformance with monitoring and reporting of product security vulnerability management through vulnerability scans, customer complaints, and third parties.


Skills Knowledge & Expertise
  • An independent, self-directed worker with experience using soft power to navigate obstacles.
  • Excellent verbal and written communication skills; comfortable interacting at all levels of the organization.
  • Effective problem-solving skills with particular emphasis on root cause analysis and attention to detail.
  • Demonstrated project management and decision-making skills.
  • Experience with regulatory compliance and submissions.
  • An appetite for new technology knowledge, especially in medical device security, and the ability to research, understand, and apply new information to conform with regulatory requirements.
  • Ability to work as a team player to achieve individual and company success.

Requirements:
  • Bachelor's (undergraduate) degree in a relevant field (Cybersecurity/Security, Software Engineer, Computer Engineer, Biomedical Engineer, Risk Management, or others) OR an equivalent combination of education, training, and experience in the medical device industry, preferably with software in a medical device or software as a medical device.
  • Minimum of 5 years of professional experience with any combination of at least 2 technical disciplines, including the following: application security, medical device security, risk management, biomedical engineering, medical device design (SiMD/SaMD), and cloud security.
  • Thorough knowledge of the application of risk management to medical devices (ISO 14971), medical device quality management requirements (ISO 13485), and Medical Device Software - Software Life Cycle (ISO 62304) processes.
