About the Company - Please find below the job description of the 6-month contract to hire cybersecurity architect role that we are hiring. It is a hybrid role with 3 days in person in Hercules. Please let me know if you have any questions.
About the Role - We are seeking a Security Architect to design, implement, and maintain secure systems and processes within an FDA-regulated medical device environment. The role focuses on overseeing Product Security Incident Response Team (PSIRT) processes for R&D while delivering critical security architecture artifacts, including Global System View, Multi-Patient Harm View, Updateability/Patchability View, and Security Use Case View. The ideal candidate will drive proactive risk mitigation, ensure compliance with regulatory standards, and enhance the security posture of medical systems as well as cloud systems with patient safety as a core priority.
Responsibilities -
- Security Architecture Development
- Product Security Incident Response Team (PSIRT)
- Risk Assessment & Compliance
- System Updateability & Patchability
- Collaboration & Stakeholder Communication
Develop and maintain comprehensive architecture and artifacts for multiple device platforms with the help of respective platform R&D team:
- Global System View: High-level design illustrating interconnected systems and data flows.
- Multi-Patient Harm View: Analyze and mitigate potential security threats leading to risks for multiple patients.
- Updateability/Patchability View: Ensure systems support secure and timely updates/patches to address vulnerabilities.
- Security Use Case View: Define security requirements and controls based on specific use cases and threat models.
Collaborate with cross-functional teams (Product, DevOps, IT, Regulatory) to integrate security into the product lifecycle. Lead the PSIRT process for R&D alongside PSIRT lead for IT, ensuring swift response and mitigation of product vulnerabilities. Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents. Work with engineering teams to implement fixes and ensure long-term improvements. Perform risk analyses to evaluate security threats, especially those with potential impacts on patient safety. Ensure compliance with FDA cybersecurity guidelines, including premarket and postmarket regulatory expectations. Collaborate with Quality and Regulatory teams to provide security input for FDA submissions and audits. Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems. Establish automated processes for vulnerability scanning and remediation. Provide technical leadership and mentoring to engineering and operations teams on secure design principles. Communicate security risks, incidents, and mitigations to senior leadership and external regulators.
Qualifications -
- Required:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 7+ years of experience in cybersecurity, including architecture design in a regulated environment (preferably FDA, healthcare, or medical devices).
- Proven experience leading PSIRT processes, vulnerability management, and incident response.
- Expertise in developing security architecture views and artifacts for complex systems.
- Strong understanding of FDA cybersecurity requirements, standards (e.g., IEC 81001, NIST, OWASP, IMDRF etc.).
- Experience with risk analysis methodologies focused on patient safety and multi-patient harm scenarios.
- Knowledge of updateability/patchability frameworks and secure development lifecycle (SDLC).
- Preferred:
- Master’s degree in a technical field.
- Certifications: CISSP, CSSLP, CISM, or equivalent.
- Experience with cloud-based systems, IoT security, or medical device security.