M

Senior/Principal Product Security Engineer

Mondo
8 minutes ago
Contract
Massachusetts
United States
Job DescriptionJob Description

Apply now: Senior/Principal Product Security Engineer, location is Remote. The start date is ASAP for this contract position.

Job Title: Senior/Principal Product Security Engineer
Location-Type: Remote
Start Date Is: ASAP
Duration: 9-12 month contract
Compensation Range: $70-85/hr

Job Description:
Lead hands-on product security documentation and risk deliverables for regulated MedTech devices supporting FDA submission readiness.

Day-to-Day Responsibilities:

  • Pull and complete templates within the Quality Management System (QMS)
  • Own and drive product security documentation end-to-end (Word/Excel)
  • Conduct threat modeling, risk assessments, and cybersecurity evaluations
  • Collaborate with R&D software teams to gather requirements and validate findings
  • Develop and maintain product security plans and vulnerability reports (SOUP, MDS)
  • Perform vulnerability analysis using CVSS and software bill of materials (SBOM)
  • Ensure alignment with FDA premarket cybersecurity guidance and ISO 14971
  • Route completed documentation for internal review and approval
  • Manage multiple deliverables (up to 6 per product) simultaneously

Requirements:

  • Must-Haves:
    • 5-6 years of experience in product security or cybersecurity engineering
    • Hands-on experience in regulated MedTech or similar highly regulated environment
    • Proven ownership of threat models, cybersecurity architecture, and risk assessments
    • Experience with vulnerability management (CVSS, SBOM, SOUP reports)
    • Strong experience working within a QMS and driving documentation to completion
    • Familiarity with FDA premarket cybersecurity guidance
    • Knowledge of ISO 14971 risk management frameworks
    • Ability to work cross-functionally with R&D and engineering teams
  • Nice-to-Haves:
    • Experience supporting FDA submissions for medical devices
    • Background in urology or similar medical device domains
    • Experience managing multiple concurrent compliance deliverables
    • Exposure to cybersecurity metrics and reporting frameworks

Benefits:

This role is eligible to enroll in both Mondo's health insurance plan and retirement plan. Mondo defers to the applicable State or local law for paid sick leave eligibility