Boston Scientific

Principal Cybersecurity Design Quality Engineer

Boston Scientific, Osseo, Minnesota, United States, 55311

Boston Scientific is seeking an experienced Principal Design Quality Cybersecurity Engineer with a strong background in the design, development, and testing of cybersecurity features and controls within the Interventional Cardiology division. This individual will be responsible for overseeing and guiding the cybersecurity strategy throughout the product lifecycle, ensuring compliance with relevant standards and regulations.

At Boston Scientific, we value collaboration and synergy. This role follows a hybrid work model requiring employees to be in our local office three days per week.

Relocation assistance is available for this position at this time.

Boston Scientific will not offer sponsorship or take over sponsorship of an employment visa for this position at this time.

Your Responsibilities Will Include

- Interpret and apply relevant cybersecurity standards and regulations (e.g., FDA/CMDE/MDCG Cybersecurity Guidance, IEC 62443, ISO 14971, HIPAA, GDPR) to ensure product compliance.
- Stay current with emerging regulations and standards related to medical device security.
- Collaborate with product development teams to embed security controls throughout the design, development, and maintenance phases.
- Self-motivated with a passion for solving problems and a bias for action.
- Ensure that medical device security engineering activities and deliverables comply with Boston Scientific's global quality system requirements and procedures.
- Collaborate with team on product security needs and requirements; review product security architectures and design specifications.
- Collaborate in planning of software verification and validation strategies.
- Review vulnerability assessments, fuzzing and penetration testing to identify and mitigate risks.
- Ensure continued consistent best practices and processes for secure coding, configuration management, and patching.
- Develop and implement risk mitigation strategies and maintain risk management documentation consistent across the ICTx portfolio.
- Oversee and enhance incident response plans and processes, ensuring rapid and effective resolution of security incidents.
- Drive continuous improvement of vulnerability management, including the evaluation and deployment of necessary patches or updates.
- Work closely with internal stakeholders (Software Development, R&D, Regulatory, IT, etc.) to align on security goals and requirements.
- Participate in internal and external audits, and address findings related to cybersecurity design and risk management processes.

Required Qualifications

- Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering, or a related field and 9+ years of experience in cybersecurity engineering, with a focus on product development and risk management; or Master’s degree and 7+ years of experience.
- Proven experience leading security design and architecture reviews for complex, embedded medical devices or similar technologies.
- Demonstrated track record of creating and executing security risk assessments and mitigation strategies.
- In-depth understanding of cybersecurity frameworks (e.g., NIST Cybersecurity Framework).
- Understanding of privacy regulations (HIPAA, GDPR) and their intersection with medical device cybersecurity.
- Strong leadership, decision-making, and team-building capabilities.
- Excellent written and verbal communication skills for interfacing with technical teams, stakeholders, and executive leadership.
- Ability to work collaboratively across multidisciplinary teams, bridging gaps between technical, regulatory, and business functions.

Preferred Qualifications

- 5+ years of experience working in the medical device industry or a similarly regulated environment.
- Hands-on experience with secure coding practices, vulnerability scanning tools, fuzzing, and penetration testing methodologies.
- Knowledge of embedded systems security, wireless communications, network protocols, and PKI.
- Familiarity with FDA regulations and guidance documents for medical devices.
- Experience supporting VA Handbook 6500 compliance and ISO/IEC 27001 certification.
- Relevant certifications (e.g., GIAC, OffSec, CISSP, CISM, CRISC) are a plus.

Boston Scientific Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, veteran status, or disability status.
