Job Description:
- Security Architect to design, implement, and maintain secure systems and processes within an FDA-regulated medical device environment.
- The role focuses on overseeing Product Security Incident Response Team (PSIRT) processes for R&D while delivering critical security architecture artifacts, including Global System View, Multi-Patient Harm View, Updateability/Patchability View, and Security Use Case View.
- The ideal candidate will drive proactive risk mitigation, ensure compliance with regulatory standards, and enhance the security posture of medical systems as well as cloud systems with patient safety as a core priority.
Key Responsibilities:
1. Security Architecture Development
- Develop and maintain comprehensive architecture and artifacts for multiple device platforms with the help of the respective platform R&D team:
  - Global System View: High-level design illustrating interconnected systems and data flows.
  - Multi-Patient Harm View: Analyze and mitigate potential security threats leading to risks for multiple patients.
  - Updateability/Patchability View: Ensure systems support secure and timely updates/patches to address vulnerabilities.
  - Security Use Case View: Define security requirements and controls based on specific use cases and threat models.
- Collaborate with cross-functional teams (Product, DevOps, IT, Regulatory) to integrate security into the product lifecycle.
2. Product Security Incident Response Team (PSIRT)
- Lead the PSIRT process for R&D alongside the PSIRT lead for IT, ensuring swift response and mitigation of product vulnerabilities.
- Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.
- Work with engineering teams to implement fixes and ensure long-term improvements.
3. Risk Assessment & Compliance
- Perform risk analyses to evaluate security threats, especially those with potential impacts on patient safety.
- Ensure compliance with FDA cybersecurity guidelines, including premarket and postmarket regulatory expectations.
- Collaborate with Quality and Regulatory teams to provide security input for FDA submissions and audits.
4. System Updateability & Patchability
- Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.
- Establish automated processes for vulnerability scanning and remediation.
5. Collaboration & Stakeholder Communication
- Provide technical leadership and mentoring to engineering and operations teams on secure design principles.
- Communicate security risks, incidents, and mitigations to senior leadership and external regulators.
The expected salary range for this position is between $75,000 and $1,43,500 annually. The actual salary may vary based upon several factors including, but not limited to, relevant skills/experience, time in role, base salary of internal peers, prior performance, business line, and geographic/office location.