Lead Product Security Engineer

Lead Product Security Engineer (R&D Cytology)

Marlborough, MA, United States

San Diego, CA, United States

Discover a career with real meaning. One that offers the opportunity to showcase your talents, achieve measurable success and gain immense satisfaction by enabling healthier lives everywhere, every day.

Our Software Engineering (R&D) department in our Diagnostics division is looking for a Security Engineer experienced in medical device and/or instruments security and systems to join our team, pivotal in building and enhancing security in our products and services As a Lead Product Security Engineer and the SME for our Cytology R&D team, you will the key cybersecurity representative ensuring that our products are meeting industry standards and FDA requirements throughout the product lifecycle, including post-market.

This is a hybrid role based out of either Marlborough, MA or San Diego, CA.

Key responsibilities and applied experience required from a candidate:

• Maintain vigilance on industry security threats, assess risks to Hologic products, and manage these risks according to established quality procedures.

• Participate in continuous improvement of our Secure by Design principles and implementation, ensuring adherence to security standards and best practices.

• Support the creation and maintenance of security design documentation and architecture diagrams.

• Collaborate with cross-functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle.

• Define security requirements and controls based on specific use cases and threat models.

• Perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety.

• Perform Security Risk Management activities to address identified vulnerabilities and security design issues, including regular review and assessment of risk against CVEs.

• Establish automated processes for vulnerability scanning and remediation

• Educate the development and leadership teams on securing products, remote connectivity solutions, and their operating environments.

• Work with cross-functional teams to ensure that SBOMs are correct and can be used as part of our continuous vulnerability monitoring process

• Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.

• Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.

• Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports.

Experiences that are nice to have:

• Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions.

• Maintain current knowledge of FDA and other regulatory body's cybersecurity guidance and standards, such as ISO, IEC, NIST, AAMI, CSLI, UL, BSI, HIPAA,

• GDPR, State and Federal security standards, and ACTS for premarket and post-market activities.

• Assist in translating cybersecurity requirements into product requirements for new and existing product designs, as well as assisting with the definition of verifications for traceability.

• Assist with efforts to establish penetration testing suites for continuous testing and monitoring of our product solution.

Minimum Requirements:

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or related engineering equivalent.

• Minimum of 8 - 12 years of professional experience in product security/cybersecurity engineering

• Demonstrated competency in Cybersecurity education and training through certifications (e.g., CISSP, CompTIA Security+, etc.)

• Strong interpersonal skills, with the ability to communicate cybersecurity concepts to a variety of audiences.

• Skilled in working within cross-functional groups.

• Skilled in performing Risk Assessment and Management plan

• Skilled in writing design documentation and standard operating procedures.

• Experience working in an FDA regulated environment is required.

• Thorough familiarity with FDA and other regulatory body Cybersecurity Guidelines and cybersecurity standards such as NIST, AAMI, CSLI, UL, BSI, HIPAA, GDPR, State and Federal security standards, and ACTS for premarket and post-market activities.

• Strong verbal & written communication skills.

• Familiarity with Windows OS and cloud-based solutions is required

• Expertise with security frameworks and testing tools, and how to incorporate the results of those into cybersecurity requirements for the Product Development team.

• Proficiency in scripting and simple test automation (e.g., PowerShell, Python).

The annualized base salary range for this role is $131,500 to $205,800 and is bonus eligible. Final compensation packages will ultimately depend on factors including relevant experience, skillset, knowledge, geography, education, business needs, and market demand.

Why Hologic?

We are committed to making Hologic the company where top talent comes to grow. For you to succeed, we want to enable you with the tools and knowledge required and so we provide comprehensive training when you join as well as continued development and training throughout your career.

If you have the right skills and experience, apply today

#LI-RF1 #lead-level

Agency and Third Party Recruiter Notice:

Agencies that submit a resume to Hologic must have a current executed Hologic Agency Agreement executed by a member of the Human Resource Department. In addition Agencies may only submit candidates to positions for which they have been invited to do so by a Hologic Recruiter. All resumes must be sent to the Hologic Recruiter under these terms or they will not be considered.

Hologic, Inc. is proud to be an Equal Opportunity Employer inclusive of disability and veterans.