Boston Scientific is hiring a Principal Cybersecurity Engineer to embed security into the product lifecycle for medical devices. You will be part of the Interventional Cardiology R&D team, guiding strategy, ensuring compliance with regulations, and protecting products within a regulated industry.
What You'll Do
- Lead threat modeling using STRIDE and security risk assessments.
- Elicit and define product security needs, architectures, and verification strategies.
- Stay current with emerging medical device regulations like FDA guidance and TIR 57.
- Collaborate with development teams to embed security controls throughout design and maintenance.
- Establish best practices for secure coding, configuration management, and patching.
- Develop and implement risk mitigation strategies and maintain related documentation.
- Oversee and enhance incident response plans for rapid resolution.
- Drive continuous improvement of vulnerability management and patch deployment.
- Collaborate closely with Software Development, Quality, Regulatory, and IT teams.
- Model resiliency and present topics to the Security Champions program.
What We're Looking For
- Bachelor’s or master’s degree in Cybersecurity, Computer Science, Computer Engineering, or a related field.
- 9+ years of experience in cybersecurity engineering, with recent focus on product/IoT cloud security.
- Proven experience leading security design reviews for complex, embedded medical devices.
- Demonstrated history of creating and executing security risk assessments.
- In-depth understanding of cybersecurity frameworks like NIST and defense in depth.
- Excellent written and verbal communication skills for technical and executive audiences.
- Ability to work collaboratively across multidisciplinary teams.
Nice to Have
- 5+ years in the medical device industry or a similarly regulated environment.
- Development experience securing Yocto and desktop Linux, Windows IoT, or Android.
- Deep knowledge of medical device deployment in healthcare, including Active Directory or Single Sign On integrations.
- Hands-on experience with IoT cloud deployments such as Azure or AWS.
- Experience writing code, with secure coding practices, vulnerability scanning, and penetration testing.
- Knowledge of embedded systems security, network security, wireless communications, and PKI.
- Experience supporting VA Handbook 6500 compliance or ISO/IEC 27001 certification.
- Relevant certifications (e.g., GIAC, ISSEP, ISSAP, CRISC).
- Experience with vulnerability and risk assessments including CVSS.
Technical Stack
- Yocto, Linux, Windows IoT, Android
- Azure, AWS
- Active Directory, Single Sign On
Team & Environment
You will be part of the Interventional Cardiology team, supporting R&D efforts.
Benefits & Compensation
- Salary range: $102,100 - $194,000.
Work Mode
This is a hybrid role based in Maple Grove, MN, Marlborough, MA, or San Diego, CA.
Boston Scientific values diversity, innovation, caring, global collaboration, a winning spirit, and high performance.