Boston Scientific Principal Cybersecurity Engineer 

United States, Minnesota 

342451948

Your responsibilities will include:

• Interpret and apply relevant cybersecurity standards and regulations (e.g., FDA/CMDE/MDCG Cybersecurity Guidance, IEC 62443, ISO 14971, HIPAA, GDPR) to ensure product compliance.
• Stay current with emerging regulations and standards related to medical device security (e.g., FDA Premarket Guidance, Post-market Cybersecurity Guidance).
• Collaborate with product development teams to embed security controls throughout the design, development, and maintenance phases.
• Lead threat modeling and security risk assessments across the organization, identifying and evaluating potential threats and vulnerabilities.
• Elicit and define product security needs and requirements; define product security architectures and design specifications, and verification and validation strategies.
• Conduct vulnerability assessments, fuzzing and penetration testing to identify and mitigate risks.
• Establish best practices and processes for secure coding, configuration management, and patching.
• Develop and implement risk mitigation strategies and maintain risk management documentation.
• Oversee and enhance incident response plans and processes, ensuring rapid and effective resolution of security incidents.
• Drive continuous improvement of vulnerability management, including the evaluation and deployment of necessary patches or updates.
• Work closely with internal stakeholders (Software Development, Quality, Regulatory, IT, etc.) to align on security goals and requirements.
• Present cybersecurity findings, reports, and recommendations to senior leadership, regulators, and external auditors.

Required qualifications:

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Computer Engineering, or a related field.
• 9+ years of experience in cybersecurity engineering, with a focus on product development and risk management.
• Proven experience leading security design and architecture reviews for complex, embedded medical devices or similar technologies.
• Demonstrated track record of creating and executing security risk assessments and mitigation strategies.
• In-depth understanding of cybersecurity frameworks (e.g., NIST Cybersecurity Framework).
• Understanding of privacy regulations (HIPAA, GDPR) and their intersection with medical device cybersecurity.
• Strong leadership, decision-making, and team-building capabilities.
• Excellent written and verbal communication skills for interfacing with technical teams, stakeholders, and executive leadership.
• Ability to work collaboratively across multidisciplinary teams, bridging gaps between technical, regulatory, and business functions.

Preferred qualifications:

• Years of experience working in the medical device industry or a similarly regulated environment; security architecture or medical device administration experience in healthcare settings is also a plus.
• Hands-on experience with secure coding practices, vulnerability scanning tools, fuzzing, and penetration testing methodologies.
• Knowledge of embedded systems security, wireless communications, network protocols, and PKI.
• Familiarity with FDA regulations and guidance documents for medical devices (e.g., 21 CFR Part 820).
• Working knowledge of SW96/TIR57/TIR97, IEC 62304 (software lifecycle), IEC 60601 (electrical safety), and ISO 14971 (risk management).
• Experience supporting VA Handbook 6500 compliance and ISO/IEC 27001 certification.
• Relevant certifications (e.g., GIAC, OffSec, CISSP, CISM, CRISC) are a plus.

Maximum Salary: $ 188300

Compensation fornon-exempt (hourly), non-sales rolesmay also include variable compensation from time to time (e.g., any overtime and shift differential) and annual bonus target (subject to plan eligibility and other requirements).

Compensation forexempt, non-sales rolesmay also include variable compensation, i.e., annual bonus target and long-term incentives (subject to plan eligibility and other requirements).

For MA positions: It is unlawful to require or administer a lie detector test for employment. Violators are subject to criminal penalties and civil liability.

Please be advised that certain US based positions, including without limitation field sales and service positions that call on hospitals and/or health care centers, require acceptable proof of COVID-19 vaccination status. Candidates will be notified during the interview and selection process if the role(s) for which they have applied require proof of vaccination as a condition of employment. Boston Scientific continues to evaluate its policies and protocols regarding the COVID-19 vaccine and will comply with all applicable state and federal law and healthcare credentialing requirements. As employees of the Company, you will be expected to meet the ongoing requirements for your roles, including any new requirements, should the Company’s policies or protocols change with regard to COVID-19 vaccination.

Among other requirements, Boston Scientific maintains specific prohibited substance test requirements for safety-sensitive positions. This role is deemed safety-sensitive and, as such, candidates will be subject to a prohibited substance test as a requirement. The goal of the prohibited substance testing is to increase workplace safety in compliance with the applicable law.