Security Architect

  • Posted on: Jan 14, 2025
  • Company: Inherent Technologies
  • Location: Hercules, California
  • Salary: Not Available
  • Employment: Full-time

Job Title: Security Architect

Job Type: Full-time

Job Location: Hercules, California, United States

Remote: No

Job Description:

We are seeking a Security Architect to design, implement, and maintain secure systems and processes within an FDA-regulated medical device environment. The role focuses on overseeing Product Security Incident Response Team (PSIRT) processes for R&D while delivering critical security architecture artifacts, including Global System View, Multi-Patient Harm View, Updateability/Patchability View, and Security Use Case View. The ideal candidate will drive proactive risk mitigation, ensure compliance with regulatory standards, and enhance the security posture of medical systems as well as cloud systems with patient safety as a core priority.

Key Responsibilities:

1. Security Architecture Development

Develop and maintain comprehensive architecture and artifacts for multiple device platforms with the help of the respective platform R&D teams:

Global System View: High-level design illustrating interconnected systems and data flows.

Multi-Patient Harm View: Analyze and mitigate potential security threats leading to risks for multiple patients.

Updateability/Patchability View: Ensure systems support secure and timely updates/patches to address vulnerabilities.

Security Use Case View: Define security requirements and controls based on specific use cases and threat models.

Collaborate with cross-functional teams (Product, DevOps, IT, Regulatory) to integrate security into the product lifecycle.

2. Product Security Incident Response Team (PSIRT)

Lead the PSIRT process for R&D alongside the PSIRT lead for IT, ensuring swift response and mitigation of product vulnerabilities.

Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.

Work with engineering teams to implement fixes and ensure long-term improvements.

3. Risk Assessment & Compliance

Perform risk analyses to evaluate security threats, especially those with potential impacts on patient safety.

Ensure compliance with FDA cybersecurity guidelines, including premarket and postmarket regulatory expectations.

Collaborate with Quality and Regulatory teams to provide security input for FDA submissions and audits.

4. System Updateability & Patchability

Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.

Establish automated processes for vulnerability scanning and remediation.

5. Collaboration & Stakeholder Communication

Provide technical leadership and mentoring to engineering and operations teams on secure design principles.

Communicate security risks, incidents, and mitigations to senior leadership and external regulators.

Qualifications:

Required:

Bachelor's degree in Computer Science, Information Security, or a related field.

7+ years of experience in cybersecurity, including architecture design in a regulated environment (preferably FDA, healthcare, or medical devices).

Proven experience leading PSIRT processes, vulnerability management, and incident response.

Expertise in developing security architecture views and artifacts for complex systems.

Strong understanding of FDA cybersecurity requirements and standards (e.g., IEC 81001, NIST, OWASP, IMDRF).

Experience with risk analysis methodologies focused on patient safety and multi-patient harm scenarios.

Knowledge of updateability/patchability frameworks and secure development lifecycle (SDLC).

Preferred:

Master's degree in a technical field.

Certifications: CISSP, CSSLP, CISM, or equivalent.

Experience with cloud-based systems, IoT security, or medical device security.

Key Competencies:

Strong analytical and problem-solving skills with a focus on patient safety.

Ability to create detailed technical artifacts and communicate them effectively to both technical and non-technical stakeholders.

Leadership and project management skills in cross-functional, collaborative environments.

Excellent written and verbal communication skills.

If you're passionate about building secure systems that protect patients and meet FDA regulatory standards, we encourage you to apply and join our mission-driven team.

How will the candidate make an impact?

The Security Architect will play a pivotal role in ensuring the security and resilience of systems in an FDA-regulated environment. By blending technical expertise with a deep understanding of compliance and patient safety, this candidate will:

Strengthen Cybersecurity Posture: Develop robust security architectures and processes that minimize risks to patient safety and data integrity.

Ensure Regulatory Compliance: Align systems and processes with FDA, IEC 81001, and global regulatory requirements to meet stringent compliance standards.

Enhance Incident Response: Lead the Product Security Incident Response Team (PSIRT) to swiftly mitigate threats and ensure long-term security improvements.

Drive Innovation in Design: Embed security into product development, ensuring secure-by-design principles are consistently applied.

Foster Collaboration: Act as a bridge between technical teams and regulatory bodies to align business goals with security objectives.

What does the candidate bring?

Bachelor's degree in Computer Science, Information Security, or a related field.

7+ years of experience in cybersecurity, including architecture design in a regulated environment (preferably FDA, healthcare, or medical devices).

Proven experience leading PSIRT processes, vulnerability management, and incident response.

Expertise in developing security architecture views and artifacts for complex systems.

Strong understanding of FDA cybersecurity requirements and standards (e.g., IEC 81001, NIST, OWASP, IMDRF).

Experience with risk analysis methodologies focused on patient safety and multi-patient harm scenarios.

Knowledge of updateability/patchability frameworks and secure development lifecycle (SDLC).

Position Details

Posted: Jan 14, 2025

Employment: Full-time

Salary: Not Available

Snaprecruit ID: SD-CIE-91a6dc028bb7ea26cc02de88eac30733813beea76ae4141b02c9adb18bbdf7f3

City: Hercules

Job Origin: CIEPAL_ORGANIC_FEED
