What are the responsibilities and job description for the Sr. Principal Product Security Engineer position at Real?
Sr. Principal Product Security Engineer - Embedded Medical Devices
Location: Twin Cities (Hybrid)
Compensation: Competitive Base bonus (flexible depending on experience)
About the Role
Join a medical device OEM looking for a Senior Principal Product Security Engineer to lead security-by-design efforts across a portfolio of life‑sustaining medical devices used in acute hospital settings. This role is a critical technical leader responsible for ensuring embedded and digital products meet the highest standards for security, privacy, and regulatory compliance throughout their lifecycle.
This is a senior individual contributor role with architecture-level responsibility, partnering closely with embedded software teams, R&D leadership, quality, and regulatory stakeholders.
Key Responsibilities
- Lead product security architecture and implementation across embedded and electromechanical medical devices deployed in clinical environments
- Drive a security-by-design mindset by working directly with embedded software engineers on secure coding practices and design patterns
- Define and implement secure embedded solutions aligned with security plans, threat models, risk assessments, and application security requirements
- Minimize attack surface and protect intellectual property across hardware, firmware, and software layers
- Support security governance activities including planning, prioritization, and coordination across multiple development teams
- Perform architecture reviews, design reviews, and proof-of-concept (POC) work to validate security approaches
- Analyze and remediate findings from SAST, DAST, SCA, and penetration testing across product lifecycles
- Support post-market surveillance, vulnerability investigations, and continuous security monitoring
- Partner with regulatory and quality teams to support current and upcoming regulatory submissions
Required Qualifications
- Bachelor's degree in Computer Science, Computer/Software Engineering, or equivalent experience
- 8 years of software development experience, with at least 5 years focused on product or embedded security
- Regulated industry experience, with a strong preference for medical device
- Strong background in embedded systems security and secure software development
- Embedded software development experience is required; Python experience is a plus
- Deep understanding of secure SDLC, security-by-design principles, and architecture-level security concepts
- Hands-on experience with:
  - Secure boot, code signing, flash/data-at-rest encryption
  - Cryptographic algorithms, cipher suites, PKI, and authentication protocols
  - Wired and wireless secure networking across multiple OSI layers
  - Embedded/Linux or RTOS environments
- Experience interpreting and remediating security findings from standard testing methodologies
Preferred Experience
- Hardware security and physical security hardening exposure
- Participation in industry standards bodies or working groups (e.g., ISO)
- Experience communicating with regulators (FDA, FAA, DoD, etc.)
EOE Statement: Specialist Staffing Group is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
In addition to base pay, direct-hire employees may be eligible for client offered benefits such as medical, dental, and vision coverage, and paid leave where required by applicable law. Eligibility may vary based on factors such as location and hire date and is subject to change.
To find out more about Real, please visit www.realstaffing.com
Salary : $140,000 - $180,000