Apply now: Senior/Principal Product Security Engineer, location is Remote. The start date is ASAP for this contract position.
Job Title: Senior/Principal Product Security Engineer
Location-Type: Remote
Start Date Is: ASAP
Duration: 9-12 month contract
Compensation Range: $70-85/hr W2
Benefits: Eligible for Health, Dental, Vision, 401K
Must be authorized to work in the U.S. This position is not eligible for sponsorship.
Job Description:
Lead hands-on product security documentation and risk deliverables for regulated MedTech devices supporting FDA submission readiness.
Day-to-Day Responsibilities:
- Pull and complete templates within the Quality Management System (QMS)
- Own and drive product security documentation end-to-end (Word/Excel)
- Conduct threat modeling, risk assessments, and cybersecurity evaluations
- Collaborate with R&D software teams to gather requirements and validate findings
- Develop and maintain product security plans and vulnerability reports (SOUP, MDS)
- Perform vulnerability analysis using CVSS and software bill of materials (SBOM)
- Ensure alignment with FDA premarket cybersecurity guidance and ISO 14971
- Route completed documentation for internal review and approval
- Manage multiple deliverables (up to ~6 per product) simultaneously
Requirements:
- Must-Haves:
- 5–6 years of experience in product security or cybersecurity engineering
- Hands-on experience in regulated MedTech or similar highly regulated environment
- Proven ownership of threat models, cybersecurity architecture, and risk assessments
- Experience with vulnerability management (CVSS, SBOM, SOUP reports)
- Strong experience working within a QMS and driving documentation to completion
- Familiarity with FDA premarket cybersecurity guidance
- Knowledge of ISO 14971 risk management frameworks
- Ability to work cross-functionally with R&D and engineering teams
- Nice-to-Haves:
- Experience supporting FDA submissions for medical devices
- Background in urology or similar medical device domains
- Experience managing multiple concurrent compliance deliverables
- Exposure to cybersecurity metrics and reporting frameworks