Why this Role MattersJoin the Surgical R&D organization in a role where you will help ensure the cybersecurity, safety, and reliability of innovative surgical products that support patient care. In this position, you will be responsible for embedding secure-by-design practices throughout the product lifecycle while partnering with engineering, quality, regulatory, and corporate security teams to deliver compliant and resilient solutions. This is a strong opportunity for someone who brings deep product security expertise, strong cross-functional collaboration skills, and a passion for advancing cybersecurity within a regulated medical device environment.
What You'll Do- Architect and implement a consistent cybersecurity strategy across surgical capital equipment product lines to establish a scalable and secure product ecosystem.
- Embed secure-by-design principles throughout the product lifecycle, providing guidance on secure architecture, threat modeling, design controls, cryptography, and secure communication protocols.
- Lead execution of cybersecurity requirements across development programs, ensuring alignment with regulatory expectations, corporate standards, and product quality objectives.
- Coordinate vulnerability management activities, including intake, triage, risk assessment, remediation tracking, and documentation of product security issues through closure.
- Serve as the Surgical R&D cybersecurity representative for vulnerability disclosure and incident response activities, supporting investigations, impact assessments, root cause analyses, and remediation efforts.
- Partner with engineering teams to implement security testing practices, including SAST, DAST, SCA, penetration testing, and automated security controls within development pipelines.
- Support supplier and third-party security initiatives by defining security requirements, managing software supply chain risks, and maintaining Software Bill of Materials (SBOM) processes.
- Collaborate with Quality, Regulatory Affairs, IT, and Corporate Product Security teams to ensure compliance with evolving cybersecurity regulations and industry standards while enabling efficient product delivery.
What You'll BringRequired Education & Experience:- Bachelor's degree in Engineering, Computer Science, Cybersecurity, or a related technical discipline.
- 7+ years of experience in product security, application security, medical device cybersecurity, or software security within a regulated environment.
- Demonstrated experience supporting or leading cybersecurity activities for medical device or other regulated product development programs.
- Strong communication, collaboration, stakeholder management, and problem-solving skills.
- Ability to translate technical cybersecurity risks into clear, actionable guidance for engineering, quality, and regulatory stakeholders.
Specialized Technical, Regulatory & Industry Skills & Knowledge - Strong expertise in secure product design, threat modeling, vulnerability management, and secure software development practices.
- Working knowledge of connected device security, embedded systems, and software-enabled product architectures.
- Experience with security testing tools and methodologies, including SAST, DAST, SCA, and penetration testing.
- Understanding of software supply chain security practices, including SBOM development and third-party risk management.
- Experience working across cross-functional and global teams to drive cybersecurity outcomes and influence stakeholders without direct authority.
- Knowledge of secure development lifecycle (SDLC) frameworks, vulnerability disclosure processes, and product incident response activities.
- Familiarity with cybersecurity governance, risk assessment, and compliance processes within regulated industries.
Preferred- Advanced degree in Cybersecurity, Computer Science, Engineering, or a related field.
- Relevant industry certifications such as CISSP, CSSLP, OSCP, GWAPT, or equivalent.
- Experience in medical device, healthcare, or other regulated industries, and/or working within a quality-managed or GxP regulated environment.
- Working knowledge of medical device cybersecurity regulations and standards (e.g., FDA premarket/post market guidance, IEC 81001-5-1, AAMI TIR57, UL 2900, NIST frameworks).
- Experience developing cybersecurity documentation to support regulatory submissions and audits.
This position may be available in the following location(s): US - Remote
For U.S. locations that require disclosure of compensation, the starting pay for this role is between $140,000 and $180,000. The estimated salary range reflects an anticipated range for this position. The actual base salary offered may depend on a variety of factors.
U.S. based employees may be eligible for short-term and/or long-term incentives. They may also be eligible to participate in medical, dental, vision insurance, disability and life insurance, a 401(k) plan and company match, a tuition reimbursement program (select degrees), company holidays, and well-being benefits, among others. U.S. based employees are also eligible to receive sick time, floating holidays and paid vacation.