Senior Product Cybersecurity Engineer
Samsung Healthcare USA · Danvers, MA · 1 wk ago
On-siteInformation TechnologyFull-time
Role Description
Responsible for ensuring that Samsung Healthcare’s medical imaging devices are designed, developed and maintained to protect against cybersecurity threats throughout the product lifecycle.
Responsible for cybersecurity risk management, secure product development, DoD Risk Management Framework (RMF) compliance, vulnerability management and support of FDA and other global cybersecurity regulatory requirements.
Key Duties And Responsibilities, Other Duties May Be Assigned
- Lead product cybersecurity incident response activities and coordinate technical escalations from customers, service teams and internal stakeholders.
- Maintain and support Department of Defense Risk Management Framework (RMF) compliance, including Authorization to Operate (ATO) packages, security documentation, continuous monitoring activities and Plan of Action & Milestones (POAM) management.
- Perform cybersecurity risk assessments, including asset identification, threat modeling, vulnerability analysis, and security control evaluation for medical devices.
- Collaborate with R&D teams to integrate cybersecurity throughout the secure software development lifecycle (SSDLC) and ensure traceability between cybersecurity requirements, risks, mitigations, verification activities and design documentation.
- Complete RFPs, RFQs, and security questionnaires during the sales process, and respond to customer cybersecurity inquiries.
- Support cybersecurity verification and validation activities, including penetration testing, vulnerability assessments, security testing and remediation verification.
- Coordinate vulnerability management activities including security advisories, CVE assessments, software bill of materials (SBOM) review, patch evaluation, remediation planning and security updates for all products.
- Engage customers, government agencies, and other stakeholders to ensure compliance with cybersecurity requirements and define best practices.
- Collaborate with sales and marketing to integrate cybersecurity as part of go-to-market strategy.
- Stay current on applicable security laws, regulations and industry standards.
- Maintain technical knowledge of Samsung Healthcare products and associated cybersecurity architecture.
- Work independently with minimal supervision, and collaboratively as part of a cross functional team.
- Effectively manage priorities while balancing technical, regulatory and business objectives.
Qualifications and Requirements
- Bachelor's degree in Computer Science, Cybersecurity, Computer Engineering, Information Systems, or a related technical field.
- 5+ years of experience in a hands-on security engineering role.
- Extensive knowledge of FDA medical device cybersecurity guidance, NIST cybersecurity frameworks, FIPS publications, and DoD RMF processes.
- Experience securing network-connected medical devices, embedded systems, or regulated products preferred.
- Strong understanding of networking concepts, including Ethernet, TCP/IP, DNS, routing, switching, firewalls, and network segmentation.
- Working knowledge of Windows and Linux operating systems, system hardening, user access controls, and security configuration management.
- Ability to analyze complex technical issues, assess cybersecurity risks, and develop practical, risk-based recommendations.
- Experience interpreting security logs, vulnerability reports, penetration testing results, and cybersecurity assessments.
- Ability to manage multiple projects independently while working effectively in a fast-paced, cross-functional environment.
- Strong written and verbal communication skills with the ability to communicate technical concepts to engineering teams, management, customers, and regulatory agencies.
- Proficient with Microsoft Office (Excel, Word, PowerPoint, Outlook) and experience creating technical documentation and presentations.
- Strong analytical and critical thinking skills with excellent attention to detail.
- Ability to assess cybersecurity risks and communicate technical recommendations to both technical and non-technical stakeholders.
- Excellent troubleshooting and problem-solving abilities.
- Ability to manage multiple priorities while meeting project deadlines.
- Strong organizational and documentation skills.
- Effective collaboration across engineering, regulatory, quality, IT, and customer-facing teams.
- Self-motivated with the ability to work independently and take ownership of technical initiatives.
- Commitment to continuous learning and staying current with evolving cybersecurity threats, technologies, regulations, and industry best practices.
- Ability to adapt to changing priorities and support business needs in a dynamic environment.