Principal Cybersecurity Engineer

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. About the role : Boston Scientific is seeking an experienced Principal Cybersecurity Engineer with a strong background in the design, development, and testing of cybersecurity features and controls in a regulated industry. This individual will be responsible for overseeing and guiding the cybersecurity strategy throughout the product lifecycle, ensuring compliance with relevant standards and regulations. Be a part of the Interventional Cardiology team, one of Boston Scientific’s most product-diverse divisions, supporting R&D in the design of exciting new products and business development activities. Work Mode : This role follows a hybrid work model, requiring employees to be in our Maple Grove, MN office at least three days per week. Your responsibilities will include ; Interpret and apply relevant cybersecurity standards and regulations to ensure product compliance. Stay current with emerging regulations and standards related to medical device security. Collaborate with product development teams to embed security controls throughout the design, development, and maintenance phases. Lead threat modeling and security risk assessments across the organization. Elicit and define product security needs and requirements. Conduct vulnerability assessments, fuzzing and penetration testing to identify and mitigate risks. Establish best practices and processes for secure coding, configuration management, and patching. Develop and implement risk mitigation strategies and maintain risk management documentation. Oversee and enhance incident response plans and processes. Drive continuous improvement of vulnerability management. Work closely with internal stakeholders to align security goals and requirements. Present cybersecurity findings, reports, and recommendations to senior leadership, regulators, and external auditors. Required qualifications : Bachelor’s or master’s degree in Cybersecurity, Computer Science, Computer Engineering, or a related field. 9+ years of experience in cybersecurity engineering, with a focus on product development and risk management. Proven experience leading security design and architecture reviews for complex, embedded medical devices or similar technologies. Demonstrated track record of creating and executing security risk assessments and mitigation strategies. In-depth understanding of cybersecurity frameworks. Understanding of privacy regulations and their intersection with medical device cybersecurity. Strong leadership, decision-making, and team-building capabilities. Excellent written and verbal communication skills. Ability to work collaboratively across multidisciplinary teams. Preferred qualifications : 5+ years of experience working in the medical device industry or a similarly regulated environment. Hands-on experience with secure coding practices, vulnerability scanning tools, fuzzing, and penetration testing methodologies. Knowledge of embedded systems security, wireless communications, network protocols, and PKI. Familiarity with FDA regulations and guidance documents for medical devices. Working knowledge of SW96/TIR57/TIR97, IEC 62304, IEC 60601, and ISO 14971. Relevant certifications are a plus. Boston Scientific Corporation has been and will continue to be an equal opportunity employer.

#J-18808-Ljbffr