Lead cybersecurity strategy throughout the medical device product lifecycle, applying expertise in threat modeling, secure design, and regulatory compliance. Work in a hybrid model across Marlborough, MA, San Diego, CA, or Maple Grove, MN.
Responsibilities
- Lead threat modeling using STRIDE and conduct security risk assessments to identify and evaluate potential threats and safety concerns.
- Define product security requirements, architectures, design specifications, and strategies for verification and validation.
- Stay up to date with emerging regulations and standards relevant to medical device security, including FDA Premarket and Post-market Cybersecurity Guidance and TIR 57.
- Collaborate with product development teams to integrate security controls during design, development, and maintenance phases.
- Establish best practices for secure coding, configuration management, and patching processes.
- Develop and implement risk mitigation strategies while maintaining comprehensive risk management documentation.
- Oversee and improve incident response plans and procedures to ensure timely and effective handling of security incidents.
- Advance vulnerability management practices, including evaluating and deploying patches and updates.
- Work closely with internal teams such as Software Development, Quality, Regulatory, and IT to align security objectives.
- Demonstrate leadership and resilience by presenting to the Security Champions program.
Requirements
- Bachelor’s or master’s degree in Cybersecurity, Computer Science, Computer Engineering, or a related field.
- Minimum of 9 years of cybersecurity engineering experience, with recent focus on product security in IoT cloud environments.
- Proven track record leading security design and architecture reviews for complex embedded medical devices or similar technologies.
- Demonstrated experience in conducting security risk assessments and implementing mitigation strategies.
- Strong understanding of cybersecurity frameworks such as the NIST Cybersecurity Framework and defense-in-depth best practices.
- Excellent written and verbal communication skills for engaging technical teams, stakeholders, and executive leadership.
- Ability to collaborate effectively across multidisciplinary teams, connecting technical, regulatory, and business functions.
Nice to Have
- Minimum of 5 years of experience in the medical device industry or another highly regulated sector; experience in healthcare security architecture or medical device administration is beneficial.
- Development experience securing Yocto, desktop Linux, Windows IoT, or Android platforms.
- In-depth knowledge of medical device deployment in healthcare settings, including integration with Active Directory (AD) or Single Sign-On (SSO).
- Hands-on experience with IoT cloud platforms such as Azure or AWS.
- Experience writing secure code, using vulnerability scanning tools, and applying penetration testing methodologies.
- Comprehensive knowledge of embedded systems security, network security, endpoint protection, wireless communications, network protocols, and PKI.
- Experience supporting compliance with VA Handbook 6500 and ISO/IEC 27001 certification.
- Relevant certifications such as GIAC, ISSEP, ISSAP, or CRISC are advantageous.
- Experience conducting vulnerability and risk assessments using CVSS scoring.
Tech Stack
STRIDE, NIST Cybersecurity Framework, FDA Premarket Guidance, Post-market Cybersecurity Guidance, TIR 57, Yocto, Linux, Windows IoT, Android, Active Directory (AD), Single Sign-On (SSO), Azure, AWS, CVSS, PKI, IoT cloud, embedded systems, secure coding, penetration testing, vulnerability scanning
Benefits
- Access to up-to-date tools, information, and training resources
- Support for career advancement and professional skills development
- Opportunity to work within diverse, high-performing teams
- Inclusion in a culture that values innovation and global collaboration
- Comprehensive employee benefits package (details at bscbenefitsconnect.com)
Compensation
Salary range from $102,100 to $194,000, commensurate with experience and training. May include annual bonus target and long-term incentives for exempt roles; overtime and shift differential apply for non-exempt roles. Equity details not specified.
Work Arrangement
Hybrid work model requiring presence in the office at least three days per week at one of the following locations: US-MA-Marlborough, US-CA-San Diego, US-MN-Maple Grove.
Team
Part of the Interventional Cardiology team, one of the company’s most product-diverse divisions.
- Diversity
- Innovation
- Caring
- Global Collaboration
- Winning Spirit
- High Performance
- Inclusion
- Equality
- Opportunity for all
- Advancing science for life
Additional Information
- This position is classified as safety-sensitive and requires a prohibited substance test as a condition of employment.
- Some U.S. roles may require proof of COVID-19 vaccination, especially for positions involving hospital or healthcare facility access.
- The company is an equal opportunity employer and does not discriminate based on race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, gender expression, veteran status, age, mental or physical disability, genetic information, or any other protected class.
- In Massachusetts, it is illegal to require or administer a lie detector test for employment purposes.
- Requisition ID: 624109