
Principal Product Cybersecurity Engineer (Boston Hybrid - 3 days on site)

External
Haemonetics · Boston, MA
Full-time · On-site · 3w ago
Application Security · AWS · CI/CD · Cloud Security · DevSecOps · Encryption

Responsibilities

  • Secure Product Development & SaMD Security
      • Embed security into the medical device and SaMD SDLC, including secure design reviews, threat modeling, and security requirements definition.
      • Perform threat modeling and architecture reviews for:
          • Device software and firmware
          • Cloud-connected services and APIs
          • Mobile and web applications supporting medical devices
      • Define and validate security controls for authentication, authorization, encryption, and data protection in patient-impacting systems.
      • Partner with Quality and Regulatory teams to ensure cybersecurity requirements are documented, traceable, and auditable.
  • Cloud & Backend Product Security (AWS)
      • Secure AWS-hosted product backends supporting medical devices and SaMD.
      • Design and review security architectures using AWS services
      • Implement product-focused logging, monitoring, and threat detection
  • DevSecOps & Supply Chain Security
      • Integrate security testing into CI/CD pipelines, including SAST, DAST, dependency scanning, container scanning, and secrets detection.
      • Establish and maintain SBOM practices and third-party component governance for medical device software.
      • Define and enforce secure standards for container images, including hardening, scanning, signing, and runtime protections.
      • Support secure build, artifact signing, and release integrity controls.
  • Vulnerability Management & Post-Market Cybersecurity
      • Support product vulnerability intake, triage, and remediation across device software and cloud services.
      • Assist with vulnerability disclosure, security advisories, and post-market cybersecurity activities.
      • Collaborate with incident response teams to investigate and contain product-related security events.
  • Technical Leadership
      • Serve as the product security subject matter expert for engineering teams.
      • Mentor engineers and influence secure design decisions through practical guidance and standards.
      • Drive continuous improvement in product security maturity and resilience.
  • Required Qualifications
      • 10+ years of experience in cybersecurity engineering with a strong focus on product and application security
      • Direct experience securing medical devices, connected devices, or SaMD in a regulated healthcare environment.
      • Strong understanding of:
          • Secure SDLC and DevSecOps practices
          • Threat modeling methodologies
          • OWASP Top 10 and API security risks
      • Hands-on experience with AWS cloud security in support of products and services.
      • Familiarity with healthcare and product security frameworks, including NIST CSF/800-53 and ISO 27001.
      • Ability to work effectively across Engineering, Quality, Regulatory, and Product teams.

Requirements

  • Experience with medical device standards and guidance, including:
      • IEC 62304, ISO 14971, ISO 13485
      • FDA cybersecurity expectations, UL 2900, AAMI TIR57/TIR97
      • EU MDR and IEC 81001‑5‑1
  • Exposure to CSPM, CIEM, or cloud workload protection platforms.
  • Certifications (One or More Required)
      • CISSP (ISC²) or CISM (ISACA)
      • CompTIA Security+ or CySA+
      • GIAC certifications (e.g., GSEC, GWAPT, GPEN)
  • Strongly Preferred
      • AWS Certified Security - Specialty
      • CCSP (ISC²)
  • Tools & Technologies
      • Cloud: AWS (IAM, VPC, ECS, Lambda, S3, RDS, KMS, CloudTrail, GuardDuty)
      • Product Security: Veracode - SAST/DAST, dependency & container scanning, SBOM
      • DevOps: AWS CI/CD pipelines, Infrastructure as Code (Terraform)
  • Please note that no relocation package is offered for this role.
  • EEO Policy Statement
  • Pay Transparency:
  • Depending on your locat

Benefits

  • Health insurance
  • 401(k)
  • Paid time off
  • Flexible schedule
  • Equity / stock options
  • Performance bonus
  • Parental leave

Additional Information

We are constantly looking to add to our core talent. If you are seeking a career that is challenging and rewarding, a work environment that is diverse and dynamic, look no further - Haemonetics is your employer of choice.

