Information Security Architect Mid

Job Title:

Medical Device Cybersecurity Engineer

Work Location:

Onsite from Day 1 – Cleveland, OH

Employment Type:

Contract (CW)

Experience Level: Senior (8+ years)

The Medical Device Cybersecurity Engineer is responsible for ensuring that medical device software, embedded systems, and connected platforms are designed, developed, and maintained in compliance with FDA cybersecurity requirements and applicable international standards. This role supports cybersecurity risk management across the full medical device lifecycle, from design and development through post‑market surveillance, and plays a critical role in regulatory submissions, FDA inspections, and audits.

• FDA & Regulatory Compliance
  • Ensure compliance with FDA medical device cybersecurity requirements, including:
    • FDA Premarket Cybersecurity Guidance
    • FDA Post‑market Cybersecurity Guidance
  • Support 510(k) cybersecurity documentation, including:
    • Cybersecurity risk assessments
    • Threat modeling
    • Security architecture descriptions
    • Software Bill of Materials (SBOM)
    • Threat & vulnerability assessments
  • Maintain cybersecurity documentation within:
    • Design History File (DHF)
    • Risk Management File (RMF)
  • Support FDA inspections, audits, and regulatory responses related to cybersecurity
• Design Controls & Risk Management
  • Perform cybersecurity risk management activities in accordance with ISO 14971
  • Identify cybersecurity hazards that could impact patient safety or device functionality
  • Define, implement, and verify cybersecurity risk controls
  • Ensure cybersecurity requirements are incorporated into:
    • Design inputs
    • Design outputs
    • Verification and validation activities
  • Support secure design reviews and change control processes
• Vulnerability Management & Post‑Market Surveillance
  • Monitor and assess cybersecurity vulnerabilities impacting medical devices, including:
    • Third‑party software
    • Open‑source components (SOUP)
  • Support coordinated vulnerability disclosure processes aligned with FDA expectations
  • Participate in:
    • Post‑market surveillance
    • Complaint handling
    • CAPA activities related to cybersecurity
  • Support incident response and field corrective actions as needed
• Technical Security Responsibilities
  • Conduct or support:
    • VAPT (Hardware & Firmware)
    • Threat modeling
    • Security testing (SAST, DAST, SCA)
  • Evaluate and implement security controls, including:
    • Authentication and authorization
    • Encryption and key management
    • Secure boot and firmware integrity
    • Logging and audit trails
  • Perform SBOM and SOUP analysis
  • Assess cybersecurity risks associated with:
    • Embedded medical devices
    • Cloud services
    • Mobile applications
    • Network‑connected systems
  • Review supplier cybersecurity documentation and SBOMs
  • Ensure supplier cybersecurity risks are documented and mitigated per quality system requirements
• Must‑Have Skills & Experience
  • Strong experience with medical embedded devices
  • Hands‑on experience with VAPT (Hardware & Firmware)
  • Proven expertise in:
    • Design History File (DHF) documentation
    • Risk Management File (RMF) documentation
    • Threat Modeling
    • SAST, DAST, and SCA
    • SBOM and SOUP analysis
  • In‑depth knowledge of:
    • FDA medical device regulations
    • 510(k) submissions
    • ISO 13485 and ISO 14971
• Qualifications
  • Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, Electrical Engineering, or related field
  • Minimum 8 years of cybersecurity experience, with direct experience in medical devices
  • Demonstrated experience supporting regulatory documentation and FDA submissions