Jobs · Information Technology · Massachusetts

Principal Product Cybersecurity Engineer (Boston Hybrid - 3 days on site)

Haemonetics · Boston, MA · 1 wk ago
Information Technology$104k–$176k/yrFull-time

Key Responsibilities

  • Secure Product Development & SaMD Security
  • Embed security into the medical device and SaMD SDLC, including secure design reviews, threat modeling, and security requirements definition.
  • Perform threat modeling and architecture reviews for: Device software and firmware, Cloud-connected services and APIs, Mobile and web applications supporting medical devices.
  • Define and validate security controls for authentication, authorization, encryption, and data protection in patient-impacting systems.
  • Partner with Quality and Regulatory teams to ensure cybersecurity requirements are documented, traceable, and auditable. Cloud & Backend Product Security (AWS)
  • Secure AWS-hosted product backends supporting medical devices and SaMD.
  • Design and review security architectures using AWS services.
  • Implement product-focused logging, monitoring, and threat detection.
  • DevSecOps & Supply Chain Security
  • Integrate security testing into CI/CD pipelines, including SAST, DAST, dependency scanning, container scanning, and secrets detection.
  • Establish and maintain SBOM practices and third-party component governance for medical device software.
  • Define and enforce secure standards for container images, including hardening, scanning, signing, and runtime protections.
  • Support secure build, artifact signing, and release integrity controls.
  • Vulnerability Management & Post-Market Cybersecurity
  • Support product vulnerability intake, triage, and remediation across device software and cloud services.
  • Assist with vulnerability disclosure, security advisories, and post-market cybersecurity activities.
  • Collaborate with incident response teams to investigate and contain product-related security events.
  • Technical Leadership
  • Serve as the product security subject matter expert for engineering teams.
  • Mentor engineers and influence secure design decisions through practical guidance and standards.
  • Drive continuous improvement in product security maturity and resilience.

Required Qualifications

  • 10+ years of experience in cybersecurity engineering with a strong focus on product and application security.
  • Direct experience securing medical devices, connected devices, or SaMD in a regulated healthcare environment.
  • Strong understanding of: Secure SDLC and DevSecOps practices, Threat modeling methodologies, OWASP Top 10 and API security risks.
  • Hands-on experience with AWS cloud security in support of products and services.
  • Familiarity with healthcare and product security frameworks, including NIST CSF/800-53 and ISO 27001.
  • Ability to work effectively across Engineering, Quality, Regulatory, and Product teams.

Preferred Qualifications

  • Experience with medical device standards and guidance, including: IEC 62304, ISO 14971, ISO 13485, FDA cybersecurity expectations, UL 2900, AAMI TIR57/TIR97, EU MDR and IEC 81001‑5‑1.
  • Exposure to CSPM, CIEM, or cloud workload protection platforms.
  • Certifications (One or More Required): CISSP (ISC²) or CISM (ISACA), CompTIA Security+, CySA+, GIAC certifications (e.g., GSEC, GWAPT, GPEN).
  • Experience with AWS Certified Security – Specialty, CCSP (ISC²).
  • Tools & Technologies: Cloud: AWS (IAM, VPC, ECS, Lambda, S3, RDS, KMS, CloudTrail, GuardDuty), Product Security: Veracode - SAST/DAST, dependency & container scanning, SBOM, DevOps: AWS CI/CD pipelines, Infrastructure as Code (Terraform).

Similar jobs