Product Security Engineer
Remote with quarterly reimbursed travel
About eNGINE
eNGINE builds Technical Teams. We are a Solutions and Placement firm shaped by decades of interaction with Technical professionals. Our inspiration is continuous learning and engagement with the markets we serve, the talent we represent, and the teams we build. Our Consulting Workforce is encouraged to enjoy career fulfillment in the form of challenging projects, schedule flexibility, and paid training/certifications. Successful outcomes start and finish with eNGINE.
Product Security Engineer
eNGINE is seeking a Product Security Engineer to help secure the next generation of connected medical devices. In this role, you'll work alongside embedded software, systems, and R&D teams to embed cybersecurity throughout the product development lifecycle—from early architecture and threat modeling to regulatory readiness and post-market vulnerability management.
This is an opportunity for someone who enjoys solving complex security challenges in embedded environments while helping engineering teams build products that are secure, compliant, and ready for real-world deployment. The ideal candidate understands both cybersecurity and product development, can communicate effectively with engineers and regulatory stakeholders, and is passionate about improving security processes across an organization.
Responsibilities
-
Partner with embedded software and product development teams to integrate cybersecurity into every stage of the software development lifecycle
-
Provide technical guidance on secure architecture, secure coding practices, encryption, authentication, certificate management, and access controls
-
Lead threat modeling activities for both new and existing network-connected embedded products, identifying risks and recommending practical mitigation strategies
-
Support Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) management, including vulnerability tracking and remediation efforts
-
Assist engineering teams with Coordinated Vulnerability Disclosure (CVD) processes and product security response activities
-
Collaborate with development teams to implement security controls and countermeasures within embedded systems and connected devices
-
Develop and maintain cybersecurity documentation required for regulatory submissions, including risk assessments, mitigation plans, and security testing evidence
-
Help establish and improve secure development processes, policies, and engineering best practices
-
Monitor emerging cybersecurity threats, vulnerabilities, and industry trends impacting connected medical devices
-
Partner with cross-functional teams to ensure products meet applicable cybersecurity regulations and compliance requirements
-
Support security testing initiatives and work with development teams to address identified findings
-
Provide technical guidance to stakeholders ranging from software engineers to quality and regulatory teams
Qualifications
-
Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, Cybersecurity, or a related technical discipline
-
5+ years of experience in Product Security, Application Security, or Embedded Security
-
Experience supporting cybersecurity initiatives for medical devices, healthcare technology, or other highly regulated products
-
Strong understanding of embedded systems, including Embedded Linux environments
-
Working knowledge of networking fundamentals, including TCP/IP, secure communications, TLS, certificates, and authentication
-
Experience using Python for scripting, automation, or lightweight security tooling
-
Familiarity with cloud environments such as AWS and cloud service architectures
-
Experience performing threat modeling and security risk assessments for connected products
-
Understanding of secure software development lifecycle (SSDLC) principles and security-by-design practices
-
Experience with security testing methodologies and tools, including SAST, DAST, IAST, open-source software (OSS) scanning, and fuzz testing
-
Knowledge of SBOM management, software supply chain security, and vulnerability management processes
-
Strong written and verbal communication skills with the ability to explain technical concepts to engineers, leadership, and regulatory stakeholders
Preferred Experience
-
Experience with FDA cybersecurity guidance for medical devices, including pre-market and post-market requirements
-
Familiarity with medical device standards and frameworks such as IEC 62304, AAMI TIR57, NIST Cybersecurity Framework, EU MDR, and other global cybersecurity regulations
-
Experience supporting regulatory submissions and cybersecurity documentation for connected medical devices
-
Knowledge of Coordinated Vulnerability Disclosure (CVD) programs and product incident response
-
Background working in Agile software development environments
Next Steps
No C2C, relocation, referral, or sponsorship candidates for this role. For finer details on how eNGINE can impact your career, apply today!