📍 United States
🧭 Full-Time
💸 167700.0 - 289800.0 USD per year
🔍 Software Development
- Expertise in secure microcontroller architectures and hardware security modules (HSMs).
- Understanding of PKI, TLS 1.3, and cryptographic primitives used in medical devices.
- Strong background in threat modeling for cybersecurity, and in security analytics for medical devices and digital medical device ecosystems.
- Experience with secure OTA updates, SBOM automation, and FDA cybersecurity premarket/post market processes.
- Security certifications such as CISSP, CSSLP, OSCP, CEH, or GIAC GICSP are highly preferred.
- Play a critical role in shaping Abiomed’s cybersecurity strategy and influencing senior leadership to ensure security is a core component of business and technology decisions.
- Articulate the importance of cybersecurity as a business enabler, aligning security investments with Abiomed’s innovation roadmap and patient safety goals.
- Provide cybersecurity briefings to Abiomed heart recovery global management board and senior leadership, emphasizing risk management, regulatory compliance, and industry trends.
- Translate technical cybersecurity risks into business risks, ensuring leadership understands the financial, operational, and reputational impact of security decisions.
- Advocate for product security funding and resource allocation, ensuring product security is embedded in R&D budgets and technology roadmaps.
- Act as the technical cybersecurity thought leader, engaging with executives, regulatory agencies, and global cybersecurity consortia to shape medical device security best practices.
- Mentor and upskill internal teams, fostering a security-first engineering culture.
- Architect end-to-end security solutions for implantable, wearable, and external cardiac assist devices, ensuring protection from cyber threats across embedded, edge, cloud, and mobile ecosystems.
- Define and implement secure boot, firmware integrity validation, and anti-tamper mechanisms to protect Impella firmware against unauthorized modification.
- Enforce cryptographic protocols for data-at-rest and data-in-transit, ensuring compliance with NIST 800-175, FIPS 140-3, IEC 62443, and FDA cybersecurity requirements.
- Design key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.
- Lead Secure Development Lifecycle practices, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process.
- Define hardware security architecture, including trust zones, hardware root of trust (HRoT), and secure microcontroller protections.
- Implement memory safety strategies to mitigate buffer overflows, side-channel attacks, and execution vulnerabilities in real-time operating systems (RTOS) and bare-metal firmware.
- Use J&J’s ISRM Product Security framework to ensure a structured, risk-based approach to identifying, assessing, mitigating, monitoring, and resolving cybersecurity threats across the medical device total product lifecycle.
- Utilize the MITRE CVSS rubric for medical devices and structured threat modeling methodologies (STRIDE) to assess vulnerabilities, prioritize risks based on clinical impact, and implement proactive security controls.
- Develop real-time vulnerability assessment techniques for detecting security flaws in wireless communications (Bluetooth LE, NFC, Wi-Fi, 5G, proprietary RF) used in Abiomed’s devices.
- Implement Zero Trust security for device-to-cloud connectivity, integrating mTLS, OAuth2, and continuous authentication models into clinical applications.
- Oversee secure OTA (over-the-air) update mechanisms, ensuring firmware rollbacks, code signing, and supply chain integrity validation.
- Lead regulatory security submissions, ensuring compliance with FDA Cybersecurity Guidance (2023), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57.
- Ensure post-market cybersecurity monitoring and SBOM management strategies, integrating real-time CVE tracking, AI-driven anomaly detection, and automated patch validation.
- Oversee Product Security Incident Response for real-time incident response, forensic analysis, and coordinated vulnerability disclosure.
AWS, Leadership, Bash, Cybersecurity, Embedded Systems, Software Architecture, Assembler, C++, Cross-functional Team Leadership, API testing, CI/CD, C (Programming language), Agile methodologies, Mentoring, Compliance, Risk Management, Data analytics
Posted about 13 hours ago