Locations: Morrisville, North Carolina
Req ID: 27333
About this opportunity
Align is looking for a Technical Product Security Senior Engineer in Technology Governance and Compliance for our Raleigh, North Carolina or San Jose, California location. The Technical Product Security Senior Engineer should have exceptional skills in privacy and security by design, formal standards documentation, information security, and the product development life cycle for medical devices, along with experience in risk management and project management. This role will report directly to the Senior Manager, Technology Product Security Management and will collaborate with the Information Security; Technology Governance, Risk, and Compliance; Regulatory Affairs and Quality Assurance; and Product Research and Development teams to ensure that every medical device launched, both hardware and software, is as secure as it can be, and to increase the assurance levels of security in the infrastructure underlying all our products. This team will also focus on increasing the capabilities of each product team to develop more secure products by design and by default, from patterns, tools and frameworks to increasing the skill level of development teams. In this role, you will analyze data, surface trends, and drive high-impact product security programs. You will help set the focus, direction, and impact of this organization with regard to meeting product security regulatory requirements for software in a medical device or software as a medical device.
In this role, you will…
- Coordinate with cross-functional teams for security requirements throughout the total product lifecycle to include ideation, definition, development, qualification, launch, and support.
- Lead and perform product security risk assessments to include threat models, controls, and mitigations.
- Create and publish Product Security Reports.
- Support Regulatory Affairs and Quality Assurance (RAQA) in regulatory submissions to include US FDA, EU MDR, China NMPA and other international regulatory bodies.
- Represent the Product Security team throughout the product development life cycle for software in a medical device or software as a medical device.
- Actively engage with development teams, including review of architecture flows, data flows, and system or software design requirements for compliance with product security regulatory requirements for medical devices.
- Coordinate security testing of products throughout the lifecycle such as SAST, DAST, SCA, and penetration testing.
- Support cross-functional teams in the development and publishing of security related collaterals to include Product Security Whitepapers and MDS2 forms.
- Manage product security vulnerability management following our technical risk management policy through post market surveillance, customer complaints, and third-party risk.
In this role, you’ll need…
- Bachelor's (undergraduate) degree in a relevant field (Computer Science, Software Engineering, Security, or others) OR an equivalent combination of education, training, and experience in the medical device industry, preferably with software in a medical device or software as a medical device.
- Minimum of 8 years of professional experience with any combination of at least 2 technical disciplines, including the following: cloud security, network security, application security, mobile security, secure development methodologies, software development and coding, identity management, authentication and authorization, network architecture, system administration, systems engineering, and risk management.
- Thorough knowledge of FDA Quality System requirements, medical device quality management requirements (ISO 13485), application of risk management to medical devices (ISO 14971) requirements, Medical Device Regulation (MDR) requirements, and knowledge of Good Manufacturing Practices (GMP), MDSAP, or other international equivalents.
- Familiar with Medical Device Software – Software Life Cycle (ISO 62304) processes.
- To be an independent self-directed worker with experience using soft power to navigate obstacles.
- An appetite for new technical knowledge, especially in security, and the ability to research, understand, and apply new information correctly.
- Excellent verbal and written communication skills; comfortable interacting at all levels of the organization.
- Effective problem-solving skills with particular emphasis on root cause analysis.
- Demonstrated project management leadership skills and experience.
- Experience with regulatory compliance and submissions.
- Extensive experience reviewing technical documentation.
- 10% travel with some international travel required.
- Experience working with people across multiple global geographies, especially Russia, Israel, and China.
- Demonstrated knowledge in understanding and applying industry frameworks such as those published by ISO, NIST, OWASP, CSA, and/or AICPA.
- Information Security professional certification such as CISA, CISM, CISSP, CompTIA and/or other certifications related to cyber forensics, threat intelligence, incident handling or ethical hacking.
- A passion for self-improvement through learning in all disciplines, but especially in information technology, and discovering how to apply that knowledge to better assess risk in software in a medical device or software as a medical device.