Embedded Security Engineer

As an Embedded Security Engineer with a Medical Device company we are working with, you will play a crucial role in ensuring the security and integrity of our medical device products. You will work closely with cross-functional teams to design, develop, implement, and maintain security measures for our embedded systems. Your expertise in embedded systems security will contribute to the protection of patient data, the prevention of unauthorized access, and the overall safety of our medical devices.
Responsibilities:

1. Develop and implement security measures for embedded systems used in medical devices.
2. Conduct security assessments, threat modeling, and risk analysis for embedded systems.
3. Collaborate with software and hardware engineers to integrate security features into product designs.
4. Design and implement secure boot mechanisms, authentication protocols, and encryption algorithms for embedded systems.
5. Perform vulnerability assessments and penetration testing on embedded systems.
6. Conduct security code reviews and provide recommendations for remediation.
7. Collaborate with regulatory teams to ensure compliance with relevant security standards and regulations (e.g., FDA, ISO 13485).
8. Contribute to the development of secure coding guidelines and standards for embedded systems.
9. Collaborate with external security researchers and vendors to address security issues and vulnerabilities.

Requirements:

1. Bachelor's degree in Computer Science, Electrical Engineering, or a related field. A Master's degree is a plus.
2. Solid experience in embedded systems security, with a focus on medical device security.
3. Knowledge of security principles, protocols, and standards relevant to embedded systems (e.g., secure boot, encryption, authentication, secure communication).
4. Experience with vulnerability assessment and penetration testing tools and methodologies.
5. Familiarity with regulatory requirements and standards related to medical device security (e.g., FDA guidance, IEC 62304, ISO 14971, ISO 27001).
6. Strong understanding of secure coding practices and software development lifecycle (SDLC) processes.
7. Experience with threat modeling and risk analysis methodologies.
8. Ability to analyze complex systems and identify potential security vulnerabilities.

Applicants must be currently authorized to work in the US on a full-time basis now and in the future.