What are the responsibilities and job description for the Lead Cybersecurity Engineer position at Red Oak Technologies?
Since 1995, Red Oak Technologies has been a trusted partner in the tech industry, delivering innovative talent solutions that drive progress. We specialize in quickly acquiring and efficiently matching top-tier professional talent with clients in immediate need of highly skilled contract, permanent or project management based resources.
Position: Cybersecurity Lead Engineer
Role: Full time Hybrid
Location: Hercules, CA or Irvine, CA
Base Salary: $179-245K Depending on experience
The Technical Leader for the Product Cybersecurity Program and Product Security Incident Response Team (PSIRT) provides leadership for medical device cybersecurity across the company's portfolio. This role owns the strategy, governance, and execution of the product cybersecurity program, ensuring compliance with FDA cybersecurity requirements and global standards while driving program maturity across the organization and product lifecycle. This position serves as the authoritative technical leader for product cybersecurity, accountable for vulnerability management, incident response, regulatory alignment, and cross-functional coordination. The role operates at the program level, enabling and guiding product teams rather than replacing their functional ownership.
How You'll Make An Impact:
Program Leadership & Governance
• Own and evolve the Product Cybersecurity Program, including PSIRT governance, operating model, decision authority, and escalation paths.
• Establish and maintain alignment with FDA medical device cybersecurity expectations, including premarket and post-market requirements for vulnerability management, coordinated disclosure, and incident response.
• Define and maintain the cybersecurity framework aligned to NIST CSF 2.0, ISO 81001-5-1, ISO/IEC TS 27110, and ISO/IEC 27032, and ensure integration with Global IT security practices.
• Embed product cybersecurity requirements into the Global Quality Management System (QMS), including Design Controls, risk management, and change management.
Cross-Functional Enablement
• Lead the cross-functional Cybersecurity Core Team, ensuring sustained engagement and prioritization across R&D, Software, Systems, QA/RA, Global Supply Chain (Manufacturing and Procurement), and Global Information Security.
• Provide clear expectations, guidance, and oversight to product teams for secure design, development, and maintenance, without assuming direct development ownership.
• Ensure cybersecurity considerations are integrated throughout the product lifecycle, from concept and design through post-market support.
Vulnerability & Incident Management (PSIRT)
• Serve as the single point of accountability for product cybersecurity intake, triage, and prioritization.
• Oversee end-to-end vulnerability management, including risk assessment, remediation planning, regulatory timelines, and customer deployment.
• Lead technical coordination for cybersecurity incident investigations, containment, and remediation, ensuring timely and effective response to high-severity issues.
• Guide product teams on mitigations, patches, and workarounds to ensure security and regulatory expectations are met.
Regulatory & External Communication
• Ensure cybersecurity incidents and disclosures comply with FDA, international regulatory, and internal quality requirements.
• Oversee the development and approval of security advisories, customer notifications, and regulatory communications.
• Act as the technical authority in engagements with external security researchers, customers, regulators, and industry groups.
Training, Metrics & Continuous Improvement
• Drive cybersecurity awareness and training for R&D, Support, and Quality teams to reinforce a security-first culture.
• Define, track, and report program-level cybersecurity and PSIRT performance metrics to leadership.
• Continuously improve program effectiveness based on metrics, lessons learned, and evolving regulatory expectations.
What You Bring:
• Bachelor’s degree in Computer Science, Information Security, Engineering or a related field.
• 7 years of experience in cybersecurity, including architecture design in a regulated environment (preferably FDA, healthcare, or medical devices).
• A system thinker with deep expertise in medical device cybersecurity, including FDA premarket and post-market cybersecurity requirements.
• Expert knowledge of NIST CSF 2.0, ISO 81001-5-1, ISO/IEC TS 27110, and ISO/IEC 27032.
• Proven ability to lead cross-functional programs in complex, matrixed organizations.
• Strong technical judgment, communication skills, and executive presence.
• Demonstrated ability to build, mature, and scale cybersecurity programs across organizations.
• Preferred: Master’s degree in a technical field.
• Certifications: CISSP, CSSLP, CISM, or equivalent.
• Experience with cloud-based systems, IoT security, or medical device security.
Location: This position must be based in Hercules, CA or Irvine, CA and requires the employee to be located within commuting distance of the office.
Red Oak Technologies is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. See what it’s like to be at the top; connect with one of our recruiters and apply today.
Let us help you find your next career opportunity! JOIN RED OAK TECHNOLOGIES!
Learn what it’s like to be a Red Oak Consultant!
Red Oak Five (Core Values): Relationships First | Exceptional Quality and Service | Unwavering Integrity and Trust | Be Easy To Do Business With | Respect Everyone
Salary: $179,000 - $245,000