Senior Product Security Engineer

HistoSonics is a commercial-stage medtech company advancing the Edison System, a novel non-invasive sonic beam therapy based on histotripsy. Since receiving FDA De Novo grant for the non-invasive destruction of liver tumors in 2023, the company has progressed beyond initial market entry into commercial expansion, reimbursement momentum, and ongoing clinical and pipeline development. In addition to its current liver tumor indication, HistoSonics is pursuing future indications across multiple applications including kidney, pancreas, prostate, neuro, women’s health, and other significant underserved human health areas, to realize the broader potential histotripsy across multiple disease states and medical specialties.

We offer an exciting work culture where cutting-edge science meets real-world application, and each team member’s contribution is important to our success in ensuring our physicians and their patients get what they need most.

Location: Remote (contiguous United States)

Travel: Quarterly - 3 days on site (likely Plymouth, MN)

Position Summary: (Why this role matters)

The Product Security Engineer will be part of a growing team responsible for contributions to the cybersecurity stature of the HistoSonics Edison Histotripsy system. The role will require you to work cross-functionally with hardware, firmware, software, quality, and regulatory teams to drive implementation of a wide array of security controls and best practices into the Edison system.

Key Responsibilities: (What you’ll do)

• Threat Modeling and Risk Assessment: Execute and document risk assessments of the cybersecurity stature of various subsystems and components within the Edison system, in partnership with cross-functional stakeholders and subject matter experts.
• Secure Design: Guide product engineering teams to drive inherent risk remediation via documenting and implementing requirements and adoption of best practices to reduce residual risk and improve the cybersecurity stature of the Edison system. Support development and documentation of verification plans to ensure control sufficiency. Analyze and document impact due to proposed changes.
• Regulatory Compliance: Support FDA premarket submissions by preparing cybersecurity documentation including risk management reports, threat model, MDS2 and cybersecurity whitepaper.
• Postmarket Compliance: Support cyber lifecycle management activities including vulnerability monitoring, assessment, and documentation needs.
• Maintain a positive, results-oriented work environment, building partnerships and modeling teamwork, communicating to team members in an open, balanced, and objective manner.
• Create/ maintain a clean, safe, and effective work environment.

Qualifications and Skills

• 8 years of combined professional experience in Information Security, Risk Management, and or/IT-centric cybersecurity roles is required.
• Bachelor’s degree in an engineering, science, or technical discipline preferred.
• In lieu of degree requirement: relevant technical, cybersecurity, or medical device on-job experience is considered.
• Expertise with cybersecurity vulnerability analysis methodologies including CVSS is required.
• Expertise with cybersecurity methodologies for identifying design weakness is required: (threat modeling/STRIDE, CWE)
• Familiarity with cybersecurity, information security, and medical device standards regulations is required: (HIPAA, FDA, ISO 27001)
• Familiarity with methodologies for assessing cybersecurity residual risk is required: (CVE analysis, review of technical design documentation, compensating controls analysis, CVSS MD rubric)
• Relevant security certifications are preferred.
• In-depth, systemic technical knowledge of complex, dynamic, and varying medical device systems.
• Excellent written and verbal communication skills, with the ability to participate in engineering discussions.
• Strong analytical, critical thinking, and problem-solving skills with an attention to detail.

Benefits: We offer a comprehensive benefits package for full-time employees. This includes health, dental, and vision insurance, life, short-term and long-term disability insurance, 401(k), paid time off, and more.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

#LI-Remote

#LI-LH1