Medical Device Security Engineer

Medical Device Security Engineer at Integra LifeSciences

Changing lives. Building Careers.

Joining us is a chance for you to do important work that creates change and shapes the future of healthcare. Thinking differently is what we do best. To us, change equals opportunity. Every day, more than 4,000 of us are challenging what’s possible and making headway to help improve outcomes.

Key Responsibilities

• Perform risk analysis on product‑related cybersecurity risks, determine required security controls, and manage residual risk for security‑related product threats.
• Model Product Security Threats and continuously monitor global product‑related cybersecurity threats.
• Conduct and document CIS (Center for Internet Security) Benchmark / Baseline reviews for relevant systems and embedded platforms to ensure compliance with hardened configuration requirements.
• Ensure adherence to recognized Medical Device Cybersecurity Frameworks, including (but not limited to): FDA Pre‑ and Post‑Market Cybersecurity Guidance, AAMI TIR57 & AAMI TIR97, ANSI/AAMI SW96, IEC 81001‑5‑1 (Health Software & Health IT Security), IEC 62443 (Industrial & IoT Security where applicable), ISO 14971 (Risk Management) as applied to security‑induced safety risks.
• Research and advocate for new security solutions, technologies, and architecture patterns to improve product cybersecurity posture.
• Collaborate with development teams to integrate secure coding and secure design practices into the software and hardware development lifecycle.
• Collaborate with Quality and Regulatory functions to ensure proper evaluation and documentation of safety risks induced by security risks, aligning with medical device safety regulations.
• Implement and manage security tools and technologies that strengthen the security posture of applications, embedded systems, and connected medical devices.
• Provide technical cybersecurity guidance, mentorship, and support to engineering teams, leadership, and cross‑functional stakeholders.
• Support vulnerability management activities, including SBOM reviews, vulnerability scanning, penetration testing coordination, and remediation planning.
• Ensure product designs incorporate secure configuration, hardening, encryption, authentication, authorization, secure update mechanisms, and secure logging principles.
• Participate in internal and external cybersecurity assessments, audits, and regulatory submissions (FDA, EU MDR, Notified Bodies).
• Develop and maintain cybersecurity documentation, including threat models, risk assessments, secure‑by‑design documentation, security test plans, and postmarket surveillance artifacts.

Experience and Education

• At least 10 years of experience in the Information Security or Cybersecurity domain.
• Certification(s) from recognized cybersecurity organizations (e.g., ISC², ISACA, GIAC).
• Experience as a Security Regulation and Standards Engineer/Manager.
• Experience in systems engineering and collaborative development environments.
• Experience preparing cybersecurity documentation for regulated industries.

Additional Experience

• Experience working in regulated industries (Medical Device, Avionic) – advantage.
• Academic degree in Computer Science, Software Engineering, Electrical Engineering, or equivalent work experience – advantage.
• Experience in Software and/or Hardware development – advantage.
• Experience applying medical cybersecurity frameworks such as IEC 81001‑5‑1, AAMI TIR57, AAMI TIR97, ISO 14971, and/or IEC 62443 – strong advantage.

Required Knowledge

• Knowledge of Information Security and Cybersecurity Standards, Methodologies, and Controls, including CIS Benchmarks, NIST Cybersecurity Framework, OWASP, and secure development methodologies.
• Knowledge and hands‑on experience in product development and system engineering processes across hardware, firmware, and software.
• Strong understanding of medical device cybersecurity requirements, secure architecture patterns, threat modeling (STRIDE, attack trees), and product lifecycle security.
• Familiarity with secure boot, cryptography, embedded system hardening, secure communication protocols, and resilience techniques.

Certifications

• Preferred industry certifications such as: CISSP, CSSLP, CEH, GICSP, GCSD, CCSP – advantage.
• Medical‑device‑relevant credentials (e.g., HCISPP, CISA, GIAC IoT Security) – advantage.

Key skills/competency

• Medical Device Cybersecurity
• Risk Analysis
• Threat Modeling
• Vulnerability Management
• Secure Development Lifecycle
• Regulatory Compliance (FDA, EU MDR)
• Embedded Systems Security
• CIS Benchmarks
• ISO 14971
• IEC 81001-5-1