Product Security Engineer

This position is ideal for mid-level engineering professionals to join the Technology Governance & Compliance team as a Product Security Engineer, driving security-by-design practices across medical device products. Partnering with cross-functional teams including Information Security, Regulatory Affairs, Quality Assurance, and Product R&D, you will provide security expertise, risk assessments, and compliance guidance to ensure software and hardware medical devices meet global regulatory and cybersecurity requirements. This role is critical in strengthening product security posture, supporting medical device compliance, and enabling secure innovation across Align Technology’s product ecosystem.
Responsibilities:
  • Support the Manager, Product Security in annual product security program planning and execution, including aligning priorities, tracking key initiatives, and ensuring readiness for regulatory, audit, and business objectives.
  • Coordinate with cross-functional teams to integrate medical device security requirements throughout the product lifecycle, including risk assessments, security testing (SAST, DAST, SCA, penetration testing), and development and completion of product security deliverables.
  • Perform and participate in medical device security risk assessments, including threat modeling, security design control evaluation, mitigation strategies, and publication of assessment reports.
  • Support Regulatory Affairs and Quality Assurance with global regulatory submissions (e.g., US FDA, EU MDR, China NMPA) by providing product security subject matter expertise.
  • Review system architectures, data flows, and software designs to ensure compliance with product security regulatory requirements for medical devices.
  • Monitor and assess product security vulnerability management processes, including results from scans, third-party findings, and customer-reported issues.
  • Analyze product security data and trends to support continuous improvement and risk-informed decision-making.
  • Enable development teams to build secure products by design through guidance, frameworks, and best practices.
  • Ensure alignment with Product Risk Management and Product Security Risk Management (PSRM) processes and applicable industry standards.
  • Perform other duties as assigned to support Product Security objectives.
Skills:
  • Demonstrated ability to work independently as a self-directed engineer, effectively navigating challenges and influencing outcomes across stakeholders.
  • Strong verbal and written communication skills, with the ability to clearly convey technical concepts to both technical and non-technical audiences at all levels of the organization.
  • Proven problem-solving capabilities, with a focus on root cause analysis, critical thinking, and attention to detail in complex engineering environments.
  • Experience managing technical initiatives, with solid project management and sound engineering decision-making skills.
  • Hands-on experience supporting regulatory compliance activities and contributing to technical inputs for regulatory submissions.
  • Strong curiosity and drive to continuously learn emerging technologies, particularly in medical device security, and apply that knowledge to meet regulatory and security requirements.
  • Ability to work as a team player globally to achieve individual and company success.
Education:
  • Bachelor’s degree or equivalent work experience.
  • 5+ years of professional experience.
Experience:
  • Knowledge of FDA Quality System requirements, medical device quality management requirements (ISO 13485), application of risk management to medical devices (ISO 14971), security risk management of medical devices, Medical Device Regulation (MDR) requirements, Good Manufacturing Practices (GMP), and MDSAP or other international equivalents.
  • Familiar with Medical Device Software – Software Life Cycle (ISO 62304) processes.
  • Hands-on experience with secure development practices, application security, cloud security, or risk management.
  • Knowledge of, and experience applying, industry frameworks such as those published by ISO, NIST, OWASP, CSA, and/or AICPA.
  • Strong analytical, problem-solving, and decision-making skills.
  • Demonstrated ability to manage multiple priorities and deliver results in a fast-paced environment.
  • Experience working in regulated environments (e.g., medical devices or healthcare) is preferred.
  • Experience working across global teams and distributed environments.
Complementary skills:
  • Professional certifications such as CISSP, CISM, CISA, HCISPP, CompTIA Security+, or other cybersecurity-related credentials.
  • Familiarity with DevSecOps practices, security testing tools, and vulnerability management platforms.
  • Strong analytical and root cause analysis capabilities with attention to detail.
  • Passion for continuous learning and applying emerging technologies and security practices to medical devices.
  • Experience in the following technical disciplines: application security, medical device security, risk management, medical device design (SiMD/SaMD), cloud security, or biomedical engineering.