Product Security Engineer

We're hiring! If you want your contributions to make a real difference, check out this new career opportunity with us at Draeger where we are led by the guiding principle "Technology for Life"

The Product Security Engineer plays a critical role in safeguarding connected medical devices and systems. This position is responsible for identifying and mitigating security risks through active participation in architecture and design reviews, as well as prioritizing remediation efforts based on risk assessments. By triaging results from internal and external testing, implementing security measures, and fostering a security-first mindset, the role ensures compliance with corporate cybersecurity policies and regulatory standards. Additionally, the engineer remains up-to-date with emerging cybersecurity trends and evolving regulations to drive the development and delivery of secure, cutting-edge healthcare solutions.

Principal Accountabilities:

Risk Management and Threat Mitigation:

Conduct threat modeling, security risk evaluations, and vulnerability assessments for new and existing products and systems. Facilitate the identification and prioritization of security risks, collaborating with engineering teams to implement appropriate remediation strategies.

Security Architecture and Design:

Lead the design and definition of secure architectures for medical device systems, including embedded solutions. Ensure alignment with product security requirements, industry best practices, and regulatory standards.

Product Security Implementation:

Integrate security into the product development lifecycle, from design through deployment. Guide cross-functional teams in implementing robust security controls and ensure adherence to secure coding and deployment practices.

Security Testing and Validation:

Oversee security testing activities such as penetration testing, vulnerability scanning, and code reviews. Analyze results to identify security gaps and provide actionable recommendations to ensure compliance with security requirements.

Compliance with Standards and Regulations:

Maintain and enforce adherence to corporate cybersecurity policies, as well as international standards and regulations such as NIST, FDA Cybersecurity Guidance, IEC 81001-5-1, 60601-4-5 and ISO 27001. Ensure products meet or exceed regulatory expectations.

Security Awareness and Training:

Promote a security-focused culture by training product development teams on cybersecurity principles. Serve as a mentor to team members, providing guidance on implementing security measures across diverse product lines.

Incident Response Coordination:

Lead and support responses to cybersecurity incidents, ensuring swift mitigation and resolution. Coordinate communication with internal stakeholders and customers, maintaining transparency and trust.

Emerging Threat Analysis and Research:

Stay informed of evolving cybersecurity threats, trends, and technologies. Conduct proactive research on new security risks, ensuring that security strategies and measures remain forward-thinking and effective.

Performs other duties as needed and assigned.

Education:

Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a related field.

Related Experience:

(1) Two or more years in experience Cyber Security Engineering

(2) Awareness of :

• Knowledge of secure development life cycle
• NIST Risk Management Framework
• NIST Cyber Security Framework
• Cyber Security Maturity Model

Special Competencies or Certifications:

• GSEC, Security+, or equivalent professional certifications.
• Additional certifications in specialized areas such as CEH, OSCP, or GPEN are a plus.

Desirable Tools Competencies:

• Nessus, Qualys, OpenVAS
• Coverity, Fortify, SonarQube, Veracode
• Metasploit, Burp Suite, OWASP ZAP, Kali Linux
• Microsoft Threat Modeling Tool, OWASP Threat Dragon
• Splunk, Wireshark

Work Environment / Conditions:

• Ability to work together with others and in a team atmosphere; while displaying civility, cordiality, friendliness, empathy, etc.
• Ability to work in a fast-paced environment with varying amounts of individual responsibilities, conflict resolution, redirected priorities, etc.
• Willing to travel if needed

Draeger has several sites located across North America as well as field-based sales and service positions. Our North America headquarters is located in Telford, PA just north of Philadelphia. We also have US sites in Andover, MA, and Houston, TX. Our Canada site is located in Mississauga, Ontario.

The design, development and manufacturing of Draeger's Patient Monitoring product line takes place in our Andover, Massachusetts location.

EEO is the Law

Draeger is an Equal Opportunity Employer. To learn more: Know Your Rights: Workplace Discrimination is Illegal (dol.gov)

From hospitals to fire departments to industrial customers, people around the world rely on our products: cutting-edge technology that combines real engineering with the digital future. With over 130 years of experience, passion and the bold ideas of more than 16,000 employees, we are committed to turning technology into technology for life.