Product Security Engineer in San Jose, CA / Cincinnati, OH / Raritan, NJ (Onsite)

Noblesoft Technologies
San Jose, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 194K

Job location

San Jose, United States of America

Tech stack

Software System Penetration Testing
Bluetooth Low Energy (Bluetooth)
Firmware
Failure Mode Effects Analysis
Fuzz Testing
Information Systems Security Architecture Professional
Key Management
Message Queuing Telemetry Transport (MQTT)
Network Protocols
Role-Based Access Control
Software Engineering
TCP/IP
Wi-Fi Technology
Fast Healthcare Interoperability Resources
Software Security
Hardware Testing
Health Level Seven International
Meditech
Devsecops
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing

Job description

We are seeking a Product Security Engineer with experience in the MedTech industry, particularly supporting FDA submission deliverables. The ideal candidate will have strong expertise in product security, risk management, and regulatory compliance for medical devices.

Key Responsibilities

  • Apply ISO 14971 risk management principles and integrate security risks into safety analyses such as FMEA/FMEDA and hazard analysis
  • Align security activities with IEC 62304 software lifecycle requirements and safety classifications
  • Ensure compliance with FDA cybersecurity premarket guidance (or equivalent regional standards)
  • Perform threat modeling and attack surface analysis using methodologies such as STRIDE
  • Design and implement secure-by-design architectures, including authentication, authorization, least privilege, and fail-safe mechanisms
  • Work on embedded/firmware security, including secure boot, signed firmware, hardware root of trust, and secure key storage (TPM/secure elements)
  • Apply cryptography best practices, including TLS, certificate lifecycle management, and key management
  • Conduct vulnerability assessments using SAST, DAST, fuzzing, and hardware testing methods
  • Support or execute penetration testing and red-team activities, and develop remediation plans
  • Ensure secure implementation of networking protocols (TCP/IP, BLE, Wi-Fi, MQTT, HL7/FHIR)
  • Manage software supply chain security, including SBOM creation and dependency vulnerability tracking
  • Integrate DevSecOps practices into CI/CD pipelines (SCA, SAST, secrets scanning, release gating)

Required Deliverables (FDA Submission Support)

  • Product Security Plan
  • Threat Model Documentation
  • Risk Assessment Reports
  • Vulnerability Assessment (CVSS 3.1 aligned with MITRE standards)
  • MDS2 Documentation
  • Security White Papers

Requirements

  • Proven experience in Product Security Engineering within the Medical Device / MedTech domain
  • Hands-on experience supporting FDA submissions
  • Strong knowledge of ISO 14971 and IEC 62304 standards
  • Experience in threat modeling, risk analysis, and secure architecture design
  • Familiarity with embedded systems and firmware security
  • Experience with security testing tools and methodologies
  • Strong understanding of networking protocols and cybersecurity fundamentals
