Senior Product Cybersecurity Engineer

Dice is the leading career destination for tech experts at every stage of their careers. Our client, SumasEdge Corporation, is seeking the following. Apply via Dice today!
Job Title:- Senior Product Cybersecurity Engineer
Location:- Boston, MA (Hybrid)
Full-Time
Job Details
Secure the next generation of medical and cloud‑connected healthcare products
At Haemonetics, we design technologies that directly impact patient safety and clinical outcomes. We are seeking a Senior Product Security Engineer who will play a critical role in embedding security throughout the lifecycle of our medical devices and cloud‑based healthcare solutions.
In this role, you will collaborate closely with software, embedded, cloud, quality, and regulatory teams to ensure that security is built into every stage — from concept and development to release, monitoring, and post‑market operations. You will influence secure design decisions, strengthen our DevSecOps practices, and help maintain the safety and regulatory integrity expected in the healthcare environment.
What You Will Do
You will serve as a core partner across product engineering, embedding security into medical device and SaMD development while strengthening our cloud, DevSecOps, and vulnerability management practices.
Secure Product Development & SaMD Security
You will help product teams build secure systems from the ground up by:

• Integrating security into the SDLC through secure design reviews, threat modeling, and requirements definition.
• Performing architecture and threat‑modeling reviews for device firmware, cloud services and APIs, and the mobile/web applications that support our devices.
• Defining and validating controls for authentication, authorization, encryption, and data protection.
• Working with Quality and Regulatory teams to ensure cybersecurity requirements are traceable, documented, and audit‑ready.

Cloud & Backend Product Security (AWS)
You will secure the AWS‑based backends that power our medical and SaMD platforms by:

• Designing and reviewing secure cloud architectures using AWS services.
• Implementing product‑focused logging, monitoring, and threat‑detection capabilities.

DevSecOps & Supply Chain Security
You will enhance product resilience and build confidence in our supply chain by:

• Integrating security tooling into CI/CD pipelines (SAST, DAST, dependency and container scanning, secrets detection).
• Establishing SBOM practices and governing third‑party components.
• Defining secure standards for container images, including hardening, scanning, and signing.
• Supporting secure build processes, artifact signing, and release integrity.

Vulnerability Management & Post‑Market Cybersecurity
You will help products remain secure after launch by:

• Supporting vulnerability intake, triage, prioritization, and remediation across device software and cloud environments.
• Contributing to coordinated disclosure, advisories, and post‑market cybersecurity requirements.
• Working with incident response to investigate and contain product‑related security events.

Technical Leadership
You will be a trusted advisor and mentor by:

• Serving as the product security subject matter expert for engineering teams.
• Guiding secure design decisions and establishing practical, usable security patterns.
• Driving continuous improvement in product security maturity.

Who You Are
You are a hands‑on security engineer with strong product and application security experience, and you are comfortable working across embedded, cloud, and software systems in regulated healthcare environments.
You bring:

• 7+ years of cybersecurity engineering experience with a focus on product/application security.
• Direct experience securing medical devices, connected devices, or SaMD in regulated settings.
• Strong understanding of secure SDLC, DevSecOps, threat modeling, OWASP Top 10, and API security risks.
• Hands‑on experience with AWS cloud security for product backends.
• Familiarity with frameworks like NIST CSF, NIST 800‑53, and ISO 27001.
• The ability to collaborate effectively with Engineering, Quality, Regulatory, and Product teams.

Preferred experience:
Knowledge of IEC 62304, ISO 14971, ISO 13485, FDA cybersecurity guidance, UL 2900, AAMI TIR57/TIR97, EU MDR, and IEC 81001‑5‑1; exposure to CSPM, CIEM, or cloud workload protection tools.
Certifications:

• CISSP, CISM, Security+, CySA+, or GIAC (GSEC, GWAPT, GPEN).
• Strongly preferred: AWS Certified Security – Specialty, CCSP.

You are also comfortable with tools such as AWS IAM/VPC/ECS/Lambda/S3/RDS/KMS/CloudTrail/GuardDuty, Veracode SAST/DAST and SBOM tooling, AWS CI/CD pipelines, and Terraform.
What Success Looks Like
Success in this role means security becomes a natural, expected part of how we design and ship products — not a late‑stage hurdle. You help ensure that:

• Products are architected with strong security foundations from day one.
• Our cloud and device platforms are secure, observable, and resilient.
• Vulnerabilities are handled quickly with clear processes and effective remediation.
• Post‑market cybersecurity meets the expectations of regulators, clinicians, and customers.
• Engineering teams grow stronger through your mentorship and security leadership.

In addition to compensation, the Company offers a competitive suite of benefits to its employees, including without limitation, a 401(k) with up to a 6% employer match and no vesting period, an employee stock purchase plan, “flexible time off” for salaried employees and, for hourly employees, accrual of three to five weeks’ vacation annually (based on tenure), accrual of up to 64 hours (annually) of paid sick time, paid and/or floating holidays, parental leave, short- and long-term disability insurance, tuition reimbursement, and/or health and welfare benefits.