
PRINCIPAL CYBER SECURITY ENGINEER
Experience Level: Senior Level
Full Job Description
Principal Cybersecurity Engineer
Boston Scientific is seeking an experienced Principal Cybersecurity Engineer to join our R&D Division in Pune, Maharashtra, India. This role is crucial for overseeing and guiding our cybersecurity strategy throughout the product lifecycle, ensuring compliance with relevant standards and regulations. The ideal candidate will have a strong background in the design, development, and testing of cybersecurity features and controls within a regulated industry. Additional locations for this role may include Gurgaon, Haryana, India.
Boston Scientific is a global leader in medical science, dedicated to solving the challenges that matter most in healthcare. We foster a culture of Diversity, Innovation, Caring, Global Collaboration, Winning Spirit, and High Performance. Join our diverse and high-performing teams to tackle critical health industry challenges, advance your skills, and build a rewarding career.
Key Responsibilities
- Lead the design, implementation, and maintenance of comprehensive security measures across all stages of medical device development, ensuring compliance with relevant regulations and standards.
- Protect patient data and device integrity by designing and implementing secure architectures for new medical devices, considering connectivity, data protection, access controls, and secure communication protocols.
- Conduct thorough vulnerability assessments and penetration testing on medical devices to identify potential security flaws and implement corrective actions.
- Ensure compliance with relevant medical device cybersecurity regulations and standards, including documentation and reporting requirements.
- Mentor and guide junior cybersecurity engineers on best practices, security techniques, and emerging threats within the medical device domain.
- Collaborate effectively with cross-functional teams including product development, quality assurance, regulatory affairs, and clinical teams to address cybersecurity concerns.
Key Skills and Qualifications
- Deep understanding of cybersecurity principles and concepts, including cryptography, network security, authentication, authorization, and data protection.
- Expertise in medical device cybersecurity standards and regulations such as FDA, IEC 62304, ISO 14971, and IEC 81001-5-1.
- Proven experience in threat modeling, risk assessment, and vulnerability management within the medical device context.
- Strong knowledge of secure coding practices and software development methodologies.
- Experience with penetration testing tools and techniques for medical devices.
- Excellent communication and collaboration skills for effective cross-functional teamwork.
- Bachelor's degree in computer science, electrical engineering, or a related field.
- 10+ years of experience with cybersecurity and software systems.
- Advanced cybersecurity certifications (e.g., CISSP, CISA, OSCP) are highly desirable.
Quality System Requirements
All actions must demonstrate a primary commitment to patient safety and product quality by maintaining compliance with the Quality Policy and all other documented quality processes and procedures.
Job Scope and Levelling Guidelines
Functional Knowledge
Requires specialized and comprehensive technical and/or functional knowledge in cybersecurity engineering, with a full understanding of related job functions. Leverages this knowledge to recommend new and/or improved work processes impacting various teams.
Business Expertise
Applies knowledge of business and industry best practices, understanding how cybersecurity integrates with business objectives to drive results. Aware of the competition and market differentiators.
Leadership
Acts as a resource and mentor for colleagues with less experience. May lead projects with manageable risks and resource requirements, often broader, cross-functional projects.
Problem Solving
Solves complex and diverse problems, taking a new perspective on existing solutions and exercising judgment based on the analysis of multiple sources of information. Works independently within broad guidelines and policies.
Impact
Impacts the ongoing achievement of customer, operational, project/program, or key business/organizational/service objectives and recommends improvements within the area of responsibility.
Interactions (and Communications)
Explains difficult or sensitive information to facilitate productive discussion and build consensus. Regularly leads discussions and makes presentations in cross-functional meetings, effectively presenting information to explain recommendations and implications.
Requisition ID: 600442