StepStone

exocad GmbH

Job description

exocad GmbH is a dynamic and innovative software company. Founded in 2010 as a spin-off of the world-renowned Fraunhofer Institute for Computer Graphics Research and part of the Align Technology Group since April 2020, we develop CAD software solutions for digital dental technology. Our international clientele includes well-known companies in the dental industry. You can find more information about us and our products at exocad.com.

To strengthen our Quality/Security team in Darmstadt, we are looking for you as a

Senior Product Security Engineer in Technology Governance and Compliance (m/w/d)

We are seeking a Senior Product Security Engineer in Technology Governance and Compliance. You should have exceptional skills in privacy and security by design, formal standards documentation, information security or application security, the product development life cycle for medical devices, and experience with risk management and project management. You will report directly to the Senior Manager, Product Security, and will collaborate with the company-wide Information Security team and other relevant teams to ensure that every medical device launched, both hardware and software, is as secure as it can be, and to increase the assurance levels of security in the infrastructure underlying all our products. In this role, you will analyze data, surface trends, and ensure compliance with product security regulatory requirements for software in a medical device or software as a medical device.


  • Coordinate with cross-functional teams on medical device security requirements throughout the total product lifecycle, such as risk assessment, security testing (SAST, DAST, SCA, penetration testing), and publication of product security collateral.
  • Perform and participate in medical device security risk assessments, including threat modeling, security design controls, mitigations, and publication of assessment reports.
  • Use software tools to automate processes.
  • Support the Regulatory Affairs and Quality Assurance teams with regulatory submissions, including to the US FDA, EU MDR, Japanese PMDA, China NMPA or other international regulatory bodies.
  • Actively engage with development teams, including review of architecture flows, data flows, and system or software design requirements for compliance with product security regulatory requirements for medical devices.
  • Assess conformance with the monitoring and reporting of product security vulnerability management through vulnerability scans, customer complaints, and third parties.

  • Bachelor's or master's degree in a relevant field (Cybersecurity/Security, Software Engineering, Computer Engineering, Biomedical Engineering, Risk Management, or others) OR an equivalent combination of education, training, and experience in the medical device industry, preferably with software in a medical device or software as a medical device.
  • Minimum of 7 years of professional experience in any combination of at least 2 technical disciplines, including the following: application security, medical device security, risk management, biomedical engineering, medical device design (SiMD/SaMD), or cloud security.
  • Knowledge of medical device cybersecurity standards such as IEC 81001-5-1, IEC TR 80001-2-2:2012, FDA Cybersecurity Guidance, or Medical Device Software – Software Life Cycle (ISO 62304) processes.
  • Fluent in English with excellent verbal and written communication skills, comfortable interacting at all levels of the organization. In addition, German skills would be a plus.
  • Effective problem-solving skills with particular emphasis on root cause analysis and attention to detail.
  • Demonstrated project management and decision-making skills.
  • Experience with regulatory compliance and submissions.
  • Ability to work as a team player to find solutions.
  • Travel: 5%, with some international travel required.

Preferred / would be a plus:

  • Knowledge of application of risk management to medical devices (ISO 14971) and/or medical device quality management requirements (ISO 13485).
  • Experience working with people across multiple global geographies.
  • Demonstrated knowledge in understanding and applying medical device cybersecurity regulations, standards, and principles such as those published by ISO/IEC, AAMI, HSCC, EU MDR, NMPA, FDA.
  • Information Security professional certification such as CMRP, HCISPP, CISM, CISA, CISSP, CompTIA, CHP, CRMP, and/or other certifications related to cyber forensics, threat intelligence, incident handling or ethical hacking.
  • A passion for self-improvement through learning in all disciplines, but especially in information technology, and discovering how to apply that knowledge to better assess risk in software in a medical device or software as a medical device.

  • Exciting and varied activities in a dynamic and growth-oriented software company
  • Open-door policy and responsive, agile approach to decision making
  • Positive working atmosphere that promotes both individual freedom and responsibility
  • Strong team spirit and very good working atmosphere
  • Modern offices and workstations, working with the latest technologies
  • Flexible working hours
  • Hybrid work: Tuesday to Thursday are office days; home office is possible on Monday and Friday
  • Training opportunities
  • Company events
  • Sports opportunities and work-life balance
  • Free drinks, fruit and snacks / Canteen with own cook
  • Good transport connections
  • JobTicket/JobBike