What are the responsibilities and job description for the Product Security Engineer position at Danta Technologies?
Employment Eligibility Statement:
Due to specific project and client requirements, this position is open to U.S. Citizens and U.S. Lawful Permanent Residents (Green Card holders). Sponsorship is not available at this time.
Danta Technologies evaluates all candidates in compliance with the Immigration and Nationality Act (INA) and EEOC guidelines. All hiring decisions are made without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, veteran status, or any other protected characteristic.
Job Title: Product Security Engineer – Medical Devices (FDA)
Location: San Jose, CA 95117 / Cincinnati, OH 45248 / Raritan, NJ (Candidate can choose any 1 working location)
Contract: 6 months & Extendable
Pay rate: $45/hr on W2/Danta Technologies payroll.
Job Description:
Product Security Engineering resource with working knowledge of the MedTech industry who has worked on deliverables that form part of FDA submissions.
Resource with the following experience:
- Risk management tied to safety: apply ISO 14971 risk management principles and integrate security risks into safety analyses (FMEA/FMEDA, hazard analysis).
- Medical device software lifecycle: familiarity with IEC 62304 software lifecycle requirements and how security activities map to software safety classifications and documentation.
- Regulatory cybersecurity expectations: understanding of FDA premarket guidance for cybersecurity (or equivalent regional guidance).
- Threat modeling & attack surface analysis: experience using STRIDE or similar methods to identify and prioritize risks across hardware, firmware, software, cloud, and network interfaces.
- Secure architecture & design: can define secure-by-design controls (authentication, authorization, least privilege, data flow segmentation, fail-safe modes) and translate them into requirements and design patterns.
- Embedded/firmware security: knowledge of boot chain integrity, secure boot, signed firmware, hardware root of trust, secure key storage (TPM, secure element), and firmware update mechanisms.
- Cryptography fundamentals and applied crypto: proper use of TLS, certificate lifecycle, symmetric/asymmetric primitives, secure hashing, key management and avoiding cryptographic misuse.
- Vulnerability assessment & testing: static analysis (SAST), dynamic analysis (DAST), fuzzing, binary analysis, and hardware-oriented testing methods (side-channel, interface fuzzing).
- Penetration testing & red-team basics: able to plan and execute device-level and system-level penetration tests or coordinate with external testers; evaluate risk and produce remediation plans.
- Networking and protocols: understanding of TCP/IP, BLE, Wi-Fi, MQTT, HL7/FHIR basics (if applicable), and secure configuration of network stacks and protocols.
- Software supply chain & SBOM: ability to generate and manage software bill of materials, track third-party components, and perform dependency vulnerability management.
- DevSecOps and CI/CD integration: integrating security checks into pipelines (SCA, SAST, secrets scanning, automated tests), release gating, and secure artifact handling.
The resource would need to be able to author the following deliverables, among others, as part of the FDA submission:
- Product security plan
- Threat model
- Risk assessment
- Vulnerability assessment (preferably using CVSS 3.1 with the MITRE rubric)
- MDS2
- White Paper
Note:
Danta offers competitive compensation to W2 employees. Where applicable, employees may elect to participate in available healthcare plans, including Medical, Dental, and Vision coverage. Paid sick leave is provided in accordance with applicable state and local laws.
Compensation rates and salary ranges are determined based on multiple factors, including qualifications, relevant experience, and geographic location.
Salary: $44 - $45