Product Cybersecurity Architect
Bausch + Lomb · United States · 3 days ago
RemoteRemoteEngineering$140k–$180k/yrFull-time
About the role
Join the Surgical R&D organization in a role where you will help ensure the cybersecurity, safety, and reliability of innovative surgical products that support patient care.
Responsibilities
- Arcitect and implement a consistent cybersecurity strategy across surgical capital equipment product lines to establish a scalable and secure product ecosystem.
- Embed secure-by-design practices throughout the product lifecycle, providing guidance on secure architecture, threat modeling, design controls, cryptography, and secure communication protocols.
- Lead execution of cybersecurity requirements across development programs, ensuring alignment with regulatory expectations, corporate standards, and product quality objectives.
- Cookordination vulnerability management activities, including intake, triage, risk assessment, remediation tracking, and documentation of product security issues through closure.
- Serve as the Surgical R&D cybersecurity representative for vulnerability disclosure and incident response activities, supporting investigations, impact assessments, root cause analyses, and remediation efforts.
- Partner with engineering teams to implement security testing practices, including SAST, DAST, SCA, penetration testing, and automated security controls within development pipelines.
- Coordinate supplier and third-party security initiatives by defining security requirements, managing software supply chain risks, and maintaining Software Bill of Materials (SBOM) processes.
- Collaborate with Quality, Regulatory Affairs, IT, and Corporate Product Security teams to ensure compliance with evolving cybersecurity regulations and industry standards while enabling efficient product delivery.
Requirements
- Required Education & Experience: Bachelor's degree in Engineering, Computer Science, Cybersecurity, or a related technical discipline. 7+ years of experience in product security, application security, medical device cybersecurity, or software security within a regulated environment.
- Demonstrated experience supporting or leading cybersecurity activities for medical device or other regulated product development programs.
- Strong communication, collaboration, stakeholder management, and problem-solving skills.
- Ability to translate technical cybersecurity risks into clear, actionable guidance for engineering, quality, and regulatory stakeholders.
Qualifications
- Specialized Technical, Regulatory & Industry Skills & Knowledge: Strong expertise in secure product design, threat modeling, vulnerability management, and secure software development practices.
- Working knowledge of connected device security, embedded systems, and software-enabled product architectures.
- Experience with security testing tools and methodologies, including SAST, DAST, SCA, and penetration testing.
- Understanding of software supply chain security practices, including SBOM development and third-party risk management.
- Experience working across cross-functional and global teams to drive cybersecurity outcomes and influence stakeholders without direct authority.
- Knowledge of secure development lifecycle (SDLC) frameworks, vulnerability disclosure processes, and product incident response activities.
- Familiarity with cybersecurity governance, risk assessment, and compliance processes within regulated industries.
Skills
- Advanced degree in Cybersecurity, Computer Science, Engineering, or a related field.
- Relevant industry certifications such as CISSP, CSSLP, OSCP, GWAPT, or equivalent.
- Experience in medical device, healthcare, or other regulated industries, and/or working within a quality-managed or GxP regulated environment.
- Working knowledge of medical device cybersecurity regulations and standards (e.g., FDA premarket/post market guidance, IEC 81001-5-1, AAMI TIR57, UL 2900, NIST frameworks).
- Experience developing cybersecurity documentation to support regulatory submissions and audits.
Benefits
- Employee Benefits: Bausch + Lomb Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.