Engineer, Product Security
Department: Information Technology
Employment Type: Full Time
Location: US-North Carolina-Raleigh
Description
This position is ideal for mid-level engineering professionals to join the Technology Governance & Compliance team as a Product Security Engineer, driving security-by-design practices across medical device products. Partnering with cross-functional teams including Information Security, Regulatory Affairs, Quality Assurance, and Product R&D, you will provide security expertise, risk assessments, and compliance guidance to ensure software and hardware medical devices meet global regulatory and cybersecurity requirements. This role is critical in strengthening product security posture, supporting medical device compliance, and enabling secure innovation across Align Technology's product ecosystem.
Role expectations
- Support the Manager, Product Security in annual product security program planning and execution, including aligning priorities, tracking key initiatives, and ensuring readiness for regulatory, audit, and business objectives.
- Coordinate with cross-functional teams to integrate medical device security requirements throughout the product lifecycle, including risk assessments, security testing (SAST, DAST, SCA, penetration testing), and development and completion of product security deliverables.
- Perform and participate in medical device security risk assessments, including threat modeling, security design control evaluation, mitigation strategies, and publication of assessment reports.
- Support Regulatory Affairs and Quality Assurance with global regulatory submissions (e.g., US FDA, EU MDR, China NMPA) by providing product security subject matter expertise.
- Review system architectures, data flows, and software designs to ensure compliance with product security regulatory requirements for medical devices.
- Monitor and assess product security vulnerability management processes, including results from scans, third-party findings, and customer-reported issues.
- Analyze product security data and trends to support continuous improvement and risk-informed decision-making.
- Enable development teams to build secure products by design through guidance, frameworks, and best practices.
- Ensure alignment with Product Risk Management and Product Security Risk Management (PSRM) processes and applicable industry standards.
- Perform other duties as assigned to support Product Security objectives.
- Demonstrated ability to work independently as a self-directed engineer, effectively navigating challenges and influencing outcomes across stakeholders.
- Strong verbal and written communication skills, with the ability to clearly convey technical concepts to both technical and non-technical audiences at all levels of the organization.
- Proven problem-solving capabilities, with a focus on root cause analysis, critical thinking, and attention to detail in complex engineering environments.
- Experience managing technical initiatives, with solid project management and sound engineering decision-making skills.
- Hands-on experience supporting regulatory compliance activities and contributing to technical inputs for regulatory submissions.
- Strong curiosity and drive to continuously learn emerging technologies, particularly in medical device security, and apply that knowledge to meet regulatory and security requirements.
- Ability to work as a team player globally to achieve individual and company success.
What we're looking for
- Bachelor's degree or equivalent work experience.
- 5+ years of professional experience.
Experience:
- Knowledge of FDA Quality System requirements, medical device quality management requirements (ISO 13485), application of risk management to medical devices (ISO 14971) requirements, security risk management of medical devices, Medical Device Regulation (MDR) requirements, and Good Manufacturing Practices (GMP), MDSAP or other international equivalence.
- Familiar with Medical Device Software - Software Life Cycle (ISO 62304) processes.
- Hands-on experience with secure development practices, application security, cloud security, or risk management.
- Knowledge in understanding and applying industry frameworks such as those published by ISO, NIST, OWASP, CSA, and/or AICPA.
- Strong analytical, problem-solving, and decision-making skills.
- Demonstrated ability to manage multiple priorities and deliver results in a fast-paced environment.
- Experience working in regulated environments (e.g., medical devices or healthcare) is preferred.
- Experience working across global teams and distributed environments.
Complementary skills
- Professional certifications such as CISSP, CISM, CISA, HCISPP, CompTIA Security+, or other cybersecurity-related credentials.
- Familiarity with DevSecOps practices, security testing tools, and vulnerability management platforms.
- Strong analytical and root cause analysis capabilities with attention to detail.
- Passion for continuous learning and applying emerging technologies and security practices to medical devices.
- Experience in the following technical disciplines: application security, medical device security, risk management, medical device design (SiMD/SaMD), cloud security, or biomedical engineering.
Pay Transparency
If provided, base salary or wage rate ranges are the range in which Align reasonably expects to set a candidate's pay for the posted position. Actual placement depends on the individual skills and experience level of a candidate plus the total compensation and equity across team members. For other locations outside of the primary location, the base salary range will be adjusted geographically.
For Field Sales roles, the salary listed is the base pay only and does not include the applicable incentive compensation plan. A cost of living adjustment may be added to base pay for higher cost areas in the U.S.
Our internship hourly rates are a standard pay determined based on the position and your location, year in school, degree, and experience.
General Description of All Benefits
We are pleased to provide a general description of the benefits Align offers to full-time employees in this position.
Family Benefits. Align offers employees and their eligible dependents medical (with a Health Savings Account option for some plan offerings), dental, and vision in accordance with those plans. Align also offers to employees:
- Discounts on Invisalign and Vivera to employees and their eligible dependents after 90 days of employment
- Back-up Child/Elder Care and access to a caregiving concierge
- Family Forming Benefits - Available to Employees, and their spouse or domestic partner, covered under one of Align's health plans
- Breast Milk Delivery and Lactation Support Services
- Employee Assistance Program
- Hinge Health Virtual Physical Therapy - Available to all employees and eligible dependents (age 18+) enrolled in an Align medical Plan
Employee benefits. Align offers its employees:
- Short-term and long-term disability insurance in accordance with those plans.
- Basic Life Insurance and Accidental Death and Dismemberment. Voluntary Supplemental Life Insurance for Employee, Spouse/Domestic Partner, and Child(ren) are available for purchase in accordance with those plans.
- Flexible Spending Accounts: Employees may be eligible to participate in a health care account (including a limited health FSA if enrolled in a HDHP), dependent care account, and a pre-tax commuter benefit plan.
- 401k plan (with a discretionary Company match of 50% up to 6% of eligible earnings up to a maximum match of 3%). Employer match vests after two years - 25% year one and 100% at year two. Align offers traditional, Roth, and after-tax options.
- Employee Stock Purchase Program (Employees must work 20 hours or more and be employed on purchase date to be eligible).
- Paid vacation of up to 17 days during the first full year of employment (currently accrued at the rate of 5.24 hours each pay-period), which carries over to a maximum cap of 30 days. Annual paid vacation time accrual increases based on tenure. Both exempt and non-exempt employees who work 32 hours or more per week receive prorated vacation accrual based on their regularly scheduled work hours and tenure.
- Sick time is accrued throughout the year at the rate of one hour for every thirty worked. Employees can carry over unused sick leave each year, up to a maximum balance of 80 hours.
- 11 Company-designated paid holidays throughout the year.
- If employed for at least 12 consecutive months, Align will grant up to 6 weeks of paid Parental Leave. If employed for less than 12 consecutive months, Align will grant up to 4 weeks of paid Parental Leave. All parental leave must be completed within one year of the birth or placement of the child. Parental leave is in addition to any state and/or local parental leave benefits. Three days of paid bereavement leave. In some cases, due to travel the amount of paid leave may be extended to 5 paid days off. To the extent applicable state or local law offers more generous benefits, Align complies with any such law.
- Non-exempt employees will receive full pay for up to 10 days of jury duty. Exempt employees will receive their full salary during any week they serve and perform any work. Other insurance such as legal, critical illness, voluntary accident, long-term care, auto, home and pet insurance are available for purchase.
To the extent applicable state or local law offers more generous benefits, Align complies with any such law.