Product Security Architect

Product Security Architect

RESPONSIBILITIES

This position is responsible for designing and implementing software security controls in an implantable neuromodulation system, including:

• mobile applications used by physicians and patients,

• firmware for implantable pulse generators and communication wands,

• supplemental services, such as cloud-based keystores, continuous deployment pipelines, and mobile device management tools.

PRIMARY ACTIVITIES

• Lead the product security team for Neuromodulation R&D

• Conduct application security assessments, threat modeling, quantitative vulnerability analysis and architecture reviews.

• Work with software development, product management, quality, and regulatory personnel to ensure that LivaNova's product security policies and procedures are fully integrated within our products and services.

• Assist with security testing of products, including internal penetration testing and working with third-party security assessment and pen testing vendors.

• Analyze software, firmware, and hardware for security vulnerabilities and collaborate with developers and infrastructure teams to plan/implement security controls.

• Document compliance of security controls to regulatory guidelines and standards.

• Author externally facing security communications, such as design documents for regulatory bodies, cybersecurity bill of materials, manufacturer disclosure statements.

REQUIREMENTS AND QUALIFICATIONS

• 6+ years of experience in product security in a large organization

• Excellent knowledge of Information Security standards, frameworks, and standard methodologies for product security

• Solid understanding of Cybersecurity with software/application or product development

• Prior experience with threat modeling and hazard-analysis frameworks such as STAMP, STRIDE etc.

• Knowledge of software development lifecycle

• DevSecOps mindset and experience integrating security tools into CI/CD pipelines.

• Experience in making security design trade-offs (e.g.: complexity vs. speed vs. vulnerability).

• Proficiency in writing protocols, reports, and engineering documentation

• Experience working in a regulatory environment

NICE TO HAVE

• Experience in Medical device industry and HIPAA regulations

• BS or MS in Electrical Engineering, Computer Engineering, Computer Science, Biomedical Engineering, or a related field.

Position type: contract to hire

Duration 6 Months CTH

Rate:/Salary: DOE

Location: Anywhere in USA, remote is ok

No Sponsorship

Employee benefits once fulltime :

• Health benefits Medical, Dental, Vision

• Personal and Vacation Time

• Retirement & Savings Plan (401K)

• Employee Stock Purchase Plan

• Training & Education Assistance

• Bonus Referral Program

• Service Awards

• Employee Recognition Program

• Flexible Work Schedules