Transforming smiles, changing lives.
At
Align Technology, we believe a great smile can transform a person’s life, so we create technology that gives people the confidence to take on whatever’s next. We revolutionized the orthodontic industry with the introduction of the Invisalign system, and we have never lost sight of that spirit of innovation. Our diverse and collaborative teams are constantly pushing the boundaries of what’s possible.
Ready to join us?
About this opportunity
Align is looking for a Senior Product Security Engineer in Technology Governance and Compliance for our Raleigh location. The Senior Product Security Engineer should have exceptional skills with privacy and security by design, formal standards documentation, information security or application security, product development life cycle for medical devices, and experience with risk management and project management. This role will report directly to the Senior Manager, Product Security and will collaborate with the Information Security, Technology Governance, Risk, and Compliance, Regulatory Affairs and Quality Assurance, and Product Research and Development teams to ensure every medical device both hardware and software launched is as secure as it can be and increasing the assurance levels of security in the infrastructure underlying all our products. This team will also focus on increasing the capabilities of each product team to develop more secure products by design and by default, from patterns, tools and frameworks to increasing the skill level of development teams. In this role, you will analyze data, surface trends, and ensure compliance of product security regulatory requirements for software in a medical device or software as a medical device.
In this role, you will…
- Coordinate with cross-functional teams for medical device security requirements throughout the total product lifecycle such as risk assessment, security testing (SAST, DAST, SCA, penetration testing), and publication of product security collaterals.
- Perform and participate in medical device security risk assessments to include threat modeling, security design controls, mitigations, and publication of assessment reports.
- Support Regulatory Affairs and Quality Assurance teams with regulatory submissions to include US FDA, EU MDR, China NMPA and other international regulatory bodies.
- Active engagement with development teams to include review of architecture flows, data flows, and system or software design requirements for compliance with product security regulatory requirements for medical devices.
- Assess conformance with monitoring and reporting of product security vulnerability management through vulnerability scans, customer complaints, and third parties.
In this role, you’ll need …
- To be an independent self-directed worker with experience using soft power to navigate obstacles.
- Excellent verbal and written communication skills comfortable interacting at all levels of the organization.
- Effective problem-solving skills with particular emphasis on root cause analysis with attention to details.
- Demonstrated project management and decision-making skills.
- Experience with regulatory compliance and submissions.
- An appetite for new technology knowledge, especially in medical device security, and the ability to research, understand, and apply new information to confirm with regulatory requirements.
- Ability to work as a team player to achieve individual and company success.
Requirements:
- Bachelor (undergraduate) degree in a relevant field (Cybersecurity/Security, Software Engineer, Computer Engineer, Biomedical Engineer, Risk Management, or others) OR an equivalent combination of education, training, and experience in the medical device industry, preferably with software in a medical device or software as a medical device.
- 8-12 years of professional experience with any combination of at least 2 technical disciplines, including the following: application security, medical device security, risk management, biomedical engineering, medical device design (SiMD/SaMD), and cloud security
- Thorough knowledge of application of risk management to medical devices (ISO 14971), medical device quality management requirements (ISO 13485); and Medical Device Software – Software Life Cycle (ISO 62304) processes.
Preferred:
- Experience working with people across multiple global geographies
- Demonstrate knowledge in understanding and applying medical device cybersecurity regulations, standards, and principles such as those published by ISO/IEC, AAMI, HSCC, EU MDR, NMPA, FDA.
- Information Security professional certification such as CMRP, HCISPP, CISM, CISA, CISSP, CompTIA, CHP, CRMP, and/or other certifications related to cyber forensics, threat intelligence, incident handling or ethical hacking.
- A passion for self-improvement through learning in all disciplines– but especially in information technology – and discovering how to apply that knowledge to better assess risk in software in a medical device or software as a medical device.
Travel:
- 10% - with some international travel required