Product Security Engineer

Join a team that is changing millions of lives.

Transforming smiles, changing lives.

At Align Technology, we believe a great smile can transform a person's life, so we create technology that gives people the confidence to take on whatever's next. We revolutionized the orthodontic industry with the introduction of the Invisalign system, and we have never lost sight of that spirit of innovation. Our diverse and collaborative teams are constantly pushing the boundaries of what's possible.

Ready to join us?

About this opportunity

Align is looking for a Product Security Engineer in Technology Governance and Compliance for our Raleigh location. The Product Security Engineer should have exceptional skills with privacy and security by design, formal standards documentation, information security or application security, product development life cycle for medical devices, and experience with risk management and project management. This role will report directly to the Senior Manager, Product Security and will collaborate with the Information Security, Technology Governance, Risk, and Compliance, Regulatory Affairs and Quality Assurance, and Product Research and Development teams to ensure every medical device both hardware and software launched is as secure as it can be and increasing the assurance levels of security in the infrastructure underlying all our products. This team will also focus on increasing the capabilities of each product team to develop more secure products by design and by default, from patterns, tools and frameworks to increasing the skill level of development teams. In this role, you will analyze data, surface trends, and ensure compliance of product security regulatory requirements for software in a medical device or software as a medical device.

In this role, you will…

• Coordinate with cross-functional teams for medical device security requirements throughout the total product lifecycle such as risk assessment, security testing (SAST, DAST, SCA, penetration testing), and publication of product security collaterals.

• Perform and participate in medical device security risk assessments to include threat modeling, security design controls, mitigations, and publication of assessment reports.

• Support Regulatory Affairs and Quality Assurance teams with regulatory submissions to include US FDA, EU MDR, China NMPA and other international regulatory bodies.

• Active engagement with development teams to include review of architecture flows, data flows, and system or software design requirements for compliance with product security regulatory requirements for medical devices.

• Assess conformance with monitoring and reporting of product security vulnerability management through vulnerability scans, customer complaints, and third parties.

In this role, you'll need …

• To be an independent self-directed worker with experience using soft power to navigate obstacles.

• Excellent verbal and written communication skills comfortable interacting at all levels of the organization.

• Effective problem-solving skills with particular emphasis on root cause analysis with attention to details.\

• Demonstrated project management and decision-making skills.

• Experience with regulatory compliance and submissions.

• An appetite for new technology knowledge, especially in medical device security, and the ability to research, understand, and apply new information to confirm with regulatory requirements.

• Ability to work as a team player to achieve individual and company success.

Requirements:

• Bachelor (undergraduate) degree in a relevant field (Cybersecurity/Security, Software Engineer, Computer Engineer, Biomedical Engineer, Risk Management, or others) OR an equivalent combination of education, training, and experience in the medical device industry, preferably with software in a medical device or software as a medical device.

• Minimum of 5 years of professional experience with any combination of at least 2 technical disciplines, including the following: application security, medical device security, risk management, biomedical engineering, medical device design (SiMD/SaMD), and cloud security

• Thorough knowledge of application of risk management to medical devices (ISO 14971), medical device quality management requirements (ISO 13485); and Medical Device Software - Software Life Cycle (ISO 62304) processes.

Preferred:

• Experience working with people across multiple global geographies

• Demonstrate knowledge in understanding and applying medical device cybersecurity regulations, standards, and principles such as those published by ISO/IEC, AAMI, HSCC, EU MDR, NMPA, FDA.

• Information Security professional certification such as CMRP, HCISPP, CISM, CISA, CISSP, CompTIA, CHP, CRMP, and/or other certifications related to cyber forensics, threat intelligence, incident handling or ethical hacking.

• A passion for self-improvement through learning in all disciplines- but especially in information technology - and discovering how to apply that knowledge to better assess risk in software in a medical device or software as a medical device.

Travel:

• 10% - with some international travel required

Sound like a good fit?

Great! Click the "Apply" link to let us know you are interested. Not the right fit? Don't worry, Align is quickly growing so we are creating more opportunities to expand our Align family. Please consider joining our Talent Network to receive notifications about future jobs or sharing this opportunity with others in your network.

About Align

Align Technology is a publicly traded medical device company that is transforming smiles and changing lives. Our global team of talented employees develop innovative technology, tools and treatment options to help dental professionals worldwide achieve the clinical results they expect. Our digital ecosystem combines the power of technology to create beautiful smiles through the integration of AI and machine learning, digital imaging and visualization, biomechanics and material science to develop the Invisalign system, the most advanced clear aligner system in the world; iTero Intraoral Scanners and OrthoCAD digital services. Did you know? Align is the world's largest manufacturer of custom 3D-printed materials.

By joining Align, you will be part of a global, fast-growing company in one of the most dynamic industries. Great people, innovative technologies, and meaningful work - these are just some of the things employees say make Align Technology a great place to work.

We respect your privacy. Please review our Applicant Privacy Policies for additional information.

Global Diversity Statement:

At Align, we believe in the power of a smile, and we know that every smile is as unique as our employees. As we grow, we will continue building a workforce of diverse cultural backgrounds and life experiences and fostering a culture of open-mindedness and compassion for all our employees. We live our company values by promoting healthy people and healthy communities. All with the intent of changing millions of lives, one unique smile at a time.

Equal Opportunity Statement

It is our policy to provide equal employment opportunity in all of our employment practices without regard to race, color, religion, sex, national origin, ancestry, marital status, protected veteran status, age, individuals with disabilities, sexual orientation or gender identity or expression or any other legally protected category. Applicants for positions with Align must be legally authorized to work in the country which they are applying for and verification of employment eligibility will be required as a condition of hire.

#LI-JM1

#LI-Hybrid