Principal Cybersecurity Engineer (Permanent)

Pira Consulting | Professional Technology Staffing Agency

Maple Grove, MN
Full Time
Paid
Responsibilities

    Your responsibilities will include:

    • Interpret and apply relevant cybersecurity standards and regulations (e.g., FDA/CMDE/MDCG Cybersecurity Guidance, IEC 62443, ISO 14971, HIPAA, GDPR) to ensure product compliance.
    • Stay current with emerging regulations and standards related to medical device security (e.g., FDA Premarket Guidance, Post-market Cybersecurity Guidance).
    • Collaborate with product development teams to embed security controls throughout the design, development, and maintenance phases.
    • Lead threat modeling and security risk assessments across the organization, identifying and evaluating potential threats and vulnerabilities.
    • Elicit and define product security needs and requirements; define product security architectures and design specifications, and verification and validation strategies.
    • Conduct vulnerability assessments, fuzzing and penetration testing to identify and mitigate risks.
    • Establish best practices and processes for secure coding, configuration management, and patching.
    • Develop and implement risk mitigation strategies and maintain risk management documentation.
    • Oversee and enhance incident response plans and processes, ensuring rapid and effective resolution of security incidents.
    • Drive continuous improvement of vulnerability management, including the evaluation and deployment of necessary patches or updates.
    • Work closely with internal stakeholders (Software Development, Quality, Regulatory, IT, etc.) to align on security goals and requirements.
    • Present cybersecurity findings, reports, and recommendations to senior leadership, regulators, and external auditors.

    Required qualifications:

    • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Computer Engineering, or a related field.
    • 9+ years of experience in cybersecurity engineering, with a focus on product development and risk management.
    • Proven experience leading security design and architecture reviews for complex, embedded medical devices or similar technologies.
    • Demonstrated track record of creating and executing security risk assessments and mitigation strategies.
    • In-depth understanding of cybersecurity frameworks (e.g., NIST Cybersecurity Framework).
    • Understanding of privacy regulations (HIPAA, GDPR) and their intersection with medical device cybersecurity.
    • Strong leadership, decision-making, and team-building capabilities.
    • Excellent written and verbal communication skills for interfacing with technical teams, stakeholders, and executive leadership.
    • Ability to work collaboratively across multidisciplinary teams, bridging gaps between technical, regulatory, and business functions.

    Preferred qualifications:

    • Years of experience working in the medical device industry or a similarly regulated environment; security architecture or medical device administration experience in healthcare settings is also a plus.
    • Hands-on experience with secure coding practices, vulnerability scanning tools, fuzzing, and penetration testing methodologies.
    • Knowledge of embedded systems security, wireless communications, network protocols, and PKI.
    • Familiarity with FDA regulations and guidance documents for medical devices (e.g., 21 CFR Part 820).
    • Working knowledge of SW96/TIR57/TIR97, IEC 62304 (software lifecycle), IEC 60601 (electrical safety), and ISO 14971 (risk management).
    • Experience supporting VA Handbook 6500 compliance and ISO/IEC 27001 certification.
    • Relevant certifications (e.g., GIAC, OffSec, CISSP, CISM, CRISC) are a plus.