Lead Product Security Engineer; R&D Cytology
Listed on 2026-01-27
Lead Product Security Engineer (R&D Cytology)
Marlborough, MA, United States
San Diego, CA, United States
Discover a career with real meaning. One that offers the opportunity to showcase your talents, achieve measurable success and gain immense satisfaction by enabling healthier lives everywhere, every day.
Our Software Engineering (R&D) department in our Diagnostics division is looking for a Security Engineer experienced in medical device and/or instruments security and systems to join our team, pivotal in building and enhancing security in our products and services! As a Lead Product Security Engineer and the SME for our Cytology R&D team, you will be the key cybersecurity representative ensuring that our products are meeting industry standards and FDA requirements throughout the product lifecycle, including post-market.
This is a hybrid role based out of either Marlborough, MA or San Diego, CA.
Key responsibilities and applied experience required from a candidate:
- Maintain vigilance on industry security threats, assess risks to Hologic products, and manage these risks according to established quality procedures.
- Participate in continuous improvement of our Secure by Design principles and implementation, ensuring adherence to security standards and best practices.
- Support the creation and maintenance of security design documentation and architecture diagrams.
- Collaborate with cross-functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle.
- Define security requirements and controls based on specific use cases and threat models.
- Perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety.
- Perform Security Risk Management activities to address identified vulnerabilities and security design issues, including regular review and assessment of risk against CVEs.
- Establish automated processes for vulnerability scanning and remediation.
- Educate the development and leadership teams on securing products, remote connectivity solutions, and their operating environments.
- Work with cross-functional teams to ensure that SBOMs are correct and can be used as part of our continuous vulnerability monitoring process.
- Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.
- Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.
- Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports.
- Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions.
- Maintain current knowledge of FDA and other regulatory bodies' cybersecurity guidance and standards, such as ISO, IEC, NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities.
- Assist in translating cybersecurity requirements into product requirements for new and existing product designs, as well as assisting with the definition of verifications for traceability.
- Assist with efforts to establish penetration testing suites for continuous testing and monitoring of our product solution.
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related engineering equivalent.
- Minimum of 8 - 12 years of professional experience in product security/cybersecurity engineering.
- Demonstrated competency in Cybersecurity education and training through certifications (e.g., CISSP, CompTIA Security+, etc.).
- Strong interpersonal skills, with the ability to communicate cybersecurity concepts to a variety of audiences.
- Skilled in working within cross-functional groups.
- Skilled in performing Risk Assessment and Management plan.
- Skilled in writing design documentation and standard operating procedures.
- Experience working in an FDA regulated environment is required.
- Thorough familiarity with FDA and other regulatory body Cybersecurity Guidelines and cybersecurity standards such as NIST, AAMI, CSLI, UL, BSI,…