Now hiring

Senior Security Engineer – Medical Device Cybersecurity & Compliance @ Arrow

2 LocationsOnsiteFull-timePosted 32 days ago

Opens on the employer's site

About this role

Position: Senior Security Engineer – Medical Device Cybersecurity & Compliance

Job Description: Job Description

Job Title: Senior Security Engineer – Medical Device Cybersecurity & Compliance Experience Level: 5-10 years

Key Responsibilities:

• Drive end-to-end cybersecurity integration across the medical device product development life cycle, ensuring security is embedded from concept to release. • Develop and maintain cybersecurity for medical products, including security requirements specifications, risk assessments, threat models, and product security architecture documentation. • Conduct thorough gap assessments to evaluate compliance with IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97 standards, and implement remediation measures. • Perform hands-on vulnerability assessments, penetration testing, and secure code reviews of embedded devices, IoMT (Internet of Medical Things) components, and connected systems. • Collaborate closely with development, compliance, and regulatory teams to ensure product security measures meet both internal security policies and external regulatory expectations. • Support SBOM management, software supply chain risk evaluations, and third-party component analysis to maintain software transparency and mitigate risks. • Provide expert input on secure communication protocols, encryption standards, data protection for both at-rest and in-transit data, and cloud-based connectivity of medical systems. • Assist in developing incident response strategies and bring working knowledge of HIPAA, GDPR, and HL7 to address data privacy and healthcare-specific regulatory concerns. • Contribute to the continuous enhancement of internal secure development processes, tools, and methodologies, while championing security best practices within product teams.

Required Skills and Qualifications:

• Minimum of 6 years of experience in cybersecurity, including at least 3 years focused on medical devices, embedded systems, or IoT security.

• Proven track record in authoring security design, defining technical requirements, and documenting security architectures aligned with regulatory needs. • Hands-on experience in embedded system security including secure boot, firmware security, threat modeling techniques (e.g., STRIDE, DREAD), and product-level risk assessments. • Strong understanding of IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97, along with working knowledge of the medical device product development lifecycle and quality standards like ISO 14971. • Demonstrated expertise in vulnerability management and penetration testing of connected products across device and cloud ecosystems. • Familiarity with data privacy and interoperability standards such as HIPAA, GDPR, and HL7 is highly desirable. • Excellent problem-solving skills, critical thinking, and ability to lead gap analysis and remediation activities in regulated environments. • Strong collaboration skills with the ability to influence cross-functional teams including R&D, compliance, and product management.

Location: IN-GJ-Ahmedabad, India-Ognaj (eInfochips)

Time Type: Full time

Job Category: Engineering Services

Ready to apply?

Install the ResuMinder extension and we'll auto-fill the application in seconds — no rewriting.

Get the extension →
See how your CV scores — free
Senior Security Engineer – Medical Device Cybersecurity & Compliance at Arrow | ResuMinder Jobs