Demo

Cybersecurity Engineer

Verathon, Inc.
Bothell, WA Full Time
POSTED ON 6/28/2026
AVAILABLE BEFORE 6/27/2027

Overview

Verathon® is looking for a Cybersecurity Engineer to become the newest member of our R&D Team located in Bothell, Washington.

 

The Cybersecurity Engineer is responsible for leading the system-level cybersecurity engineering activities required to design and sustain secure medical devices across Verathon's product portfolio. This role is the primary owner of product security architecture, system threat modeling, and the translation of FDA and consensus standards guidance into actionable security requirements and verification evidence. Working closely with Software Engineering, Quality, and Regulatory teams, the Cybersecurity Engineer ensures that Verathon's products are designed and documented to satisfy regulatory expectations throughout the product lifecycle, from initial design through post-market sustaining activities.

Responsibilities

  • Define product security architecture, including identification of software and hardware assets, trust boundaries, control objectives, and interface documentation; specify and review designs for authentication, authorization, cryptography, secure update mechanisms, event logging, data integrity, and system hardening (including STIG-based hardening where applicable)
  • Lead system-level threat modeling (e.g., STRIDE / MITRE ATT&CK for ICS) and allocate mitigations across hardware, firmware, and software; ensure trust-boundary assumptions are explicit, traceable, and testable
  • Derive cybersecurity requirements from FDA guidance and consensus standards (IEC 62443, IEC 81001-5-1, AAMI SW96); define verification strategies specifying required evidence, timing, and ownership
  • Produce and maintain design-level product security documentation including architecture views, control rationale, security requirements traceability matrices, and interface/external connection records
  • Own the engineering interface during penetration testing and other third-party security engagements: lead scope clarification, environment setup, and technical Q&A; assess design impact of findings; define remediation technical approach and support retest readiness
  • When post-release remediation is required, define technical scope and verification approach; coordinate with engineering and release functions to ensure validated deployment and documentation closure
  • Lead interoperability security assessments for device interfaces with external systems, networks, and devices; evaluate security and safety risks across normal and fault operating modes and define appropriate risk controls for interface trust boundaries
  • Conduct CVE impact analysis for fielded products; assess applicability of newly disclosed vulnerabilities to system-level components and architecture; support prioritization and remediation scoping
  • Contribute to release readiness for security-driven sustaining updates, including inputs to patch packaging, documentation updates, and design change records
  • Collaborate with the Software to ensure security requirements are correctly allocated and verification evidence is complete across the system
  • Work cross-functionally across Systems, Software, Quality, and Regulatory disciplines to align on security architecture decisions and ensure consistent implementation
  • Own and maintain the Product Security Management Plan and associated Product Security Management File, ensuring all required cybersecurity activities are planned, traceable, and audit-ready
  • Support Verathon's Quality Management System (QMS), including participation in design reviews, ECO procedures, and DHF/regulatory submission artifact preparation
  • Stay current with evolving FDA cybersecurity guidance, EU MDR and MDCG 2019-16, NIST CSF, and relevant medical device security standards; identify implications for Verathon products and processes

Qualifications

  • Bachelor's degree in Systems Engineering, Electrical Engineering, Computer Engineering, or a related technical discipline is required
  • 5 years of demonstrated experience in cybersecurity engineering, product security engineering, or a related field, with at least 3 years focused on cybersecurity for connected or regulated products
  • Demonstrated experience with system-level threat modeling methodologies (e.g., STRIDE, PASTA, or TARA as defined in IEC 81001-5-1 / AAMI SW96)
  • Working knowledge of medical device cybersecurity regulatory requirements, including FDA premarket and postmarket cybersecurity guidance, IEC 81001-5-1, AAMI SW96, and IEC 62443
  • Experience defining security requirements and producing verification evidence in a regulated product development environment (FDA QSR / ISO 13485 QMS preferred)
  • Experience with CVE/NVD triage and vulnerability impact assessment at the system level including CVSS-based vulnerability scoring and cybersecurity risk assessment methodologies
  • Experience supporting or managing third-party penetration testing engagements, including findings triage and remediation scoping, is strongly preferred
  • Working knowledge of networking fundamentals (ports, protocols, firewalls) and OS-level security concepts across Linux and/or Windows environments relevant to connected medical devices
  • Relevant security certification (e.g., CISSP, CISM, CEH, CompTIA Security , or equivalent) is preferred; candidates with equivalent demonstrated experience will be considered
  • Familiarity with SBOM concepts and supply chain security considerations for medical devices is an asset
  • Working knowledge of architecture and modeling tools (e.g., Visio, PlantUML, or basic SysML) for producing security architecture and threat-model artifacts
  • Strong written communication skills with demonstrated ability to produce clear, audit-ready technical documentation

Salary range - $124,105 - $151,300 (Compensation will vary based on skills, experience and location; it is not typical to be hired at or above the top of the salary range).

 

Full-time employees who are not on a commission plan are eligible for Verathon’s annual bonus plan based on company and individual performance.

 

Verathon provides a competitive benefits package including medical, dental, vision, basic life insurance, paid holidays, paid time off and a 401(k) matching plan.  For more information, please visit our complete Benefits Summary at https://www.verathon.com/sites/default/files/2026-02/US_HQ_Employee_Benefits_Summary.pdf.

EEO

Research shows that women and underrepresented groups tend to apply to jobs only when they check every box on a job posting. If you’re currently reading this and hesitating to click “Apply” for that reason, we encourage you to go for it! Even if you are not a match for this role, we may have another opportunity that may be a great fit.   Verathon is an equal opportunity employer and strongly supports diversity in the workplace.  We believe that diverse ideas, opinions and perspectives will build a strong foundation for success.  In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Verathon will be based on merit, qualifications, and abilities. Verathon does not discriminate in employment opportunities or practices on the basis of race, color, religion, sexual orientation, gender identity, national origin, age, disability, or any other characteristic protected by law.

Salary : $124,105 - $151,300

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Cybersecurity Engineer?

Sign up to receive alerts about other jobs on the Cybersecurity Engineer career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$125,027 - $157,872
Income Estimation: 
$149,432 - $188,965
Income Estimation: 
$125,027 - $157,872
Income Estimation: 
$149,432 - $188,965
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Verathon, Inc.

Senior Software Engineer
Apply
  • Verathon, Inc. Bothell, WA
  • Company Overview Verathon is a global medical device company focused on supporting customers by being their trusted partner, delivering high-quality produc... more
  • 2 Days Ago
Senior Systems Engineer
Apply
  • Verathon, Inc. Bothell, WA
  • Overview Verathon ® is looking for a Senior Systems Engineer to become the newest member of our Urology R&D team located in Bothell, WA. This role is expec... more
  • 4 Days Ago
Territory Manager - Urology (North Houston)
Apply
  • Verathon, Inc. Bothell, WA
  • Territory Manager - Urology (North Houston) Location US-Remote ID 2026-1749 Category Sales Position Type Full Time Work Model Remote (Local) Company Overvi... more
  • 4 Days Ago
Territory Manager - Urology (New York, NY)
Apply
  • Verathon, Inc. Bothell, WA
  • Territory Manager - Urology (New York, NY) Location US-Remote ID 2026-1686 Category Sales Position Type Full Time Work Model Remote (Local) Company Overvie... more
  • 5 Days Ago
View More Jobs at Verathon, Inc.

Not the job you're looking for? Here are some other Cybersecurity Engineer jobs in the Bothell, WA area that may be a better fit.

Cybersecurity Engineer
Apply
  • Trupanion Seattle, WA
  • Company Description Trupanion is a leading provider of medical insurance for cats and dogs in North America. Our mission is to help loving, responsible pet... more
  • 1 Month Ago
Lead Cybersecurity Engineer
Apply
  • Visa Bellevue, WA
  • About Us Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entit... more
  • 12 Days Ago
View More Jobs

AI Assistant is available now!

Feel free to start your new journey!