Senior Product Security Specialist
Senior Product Security Architect

Job Title: Senior Product Security Architect
Location: Remote (Applicants must be located in the Orange County / San Diego metro area.)
Duration: 7 Months Contract (Possible Extension)

Job Description:
We are seeking a Senior Product Security Architect to lead security architecture and security engineering governance for Client’s Dispensing business unit. The Dispensing portfolio includes FDA Class I and Class II medical devices and their associated cloud-connected platforms. This role focuses on risk-based security that ensures patient safety, data protection, and regulatory readiness.

Role Focus
- Apply risk-proportionate security controls
- Emphasize secure-by-design and secure-by-default
- Enable efficient FDA submissions (510(k), De Novo)
- Balance usability, workflow, and security

Key Responsibilities

Security Architecture & Design
- Define end-to-end security architecture across devices, apps, and cloud
- Establish baseline security patterns (auth, encryption, secure updates)
- Conduct Threat Modeling, Risk Assessments, Requirements/Controls Mapping, Security White Papers
- Lead and Drive Security Design Reviews & Roadmap Remediations/Mitigations

Secure SDLC
- Implement lean Secure SDLC aligned to NIST, OWASP, and BSIMM
- Integrate SAST, SCA, secrets scanning, container/IaC scanning
- Define minimum viable security gates

Regulatory & Compliance
- Support FDA cybersecurity documentation (threat models, SBOMs, risk assessments)
- Align with IEC 62304, ISO 14971
- Ensure audit-ready documentation

Cloud Security
- Architect secure integrations with Client’s Cloud Platforms
- Secure device-to-cloud data flows

SBOM & Vulnerability Management
- Establish SBOM processes (SPDX, CycloneDX)
- Implement continuous vulnerability monitoring
- Define risk-based remediation SLAs

Cross-Functional Leadership
- Collaborate with engineering, quality, regulatory, and product teams
- Translate security into patient safety and business risk
- Mentor teams

Required Qualifications
- 10+ years cybersecurity experience
- Experience with FDA Class I/II devices
- Knowledge of embedded, cloud, and application security
- Familiarity with FDA submissions

Preferred Qualifications
- Experience with IoMT ecosystems
- Knowledge of FDA Cybersecurity Pre & Post Market Guidance, UL 2900, AAMI TIR57/TIR97
- DevSecOps experience
- Certifications (CISSP, CCSP, CSSLP)

Key Competencies
- Ability to right-size security controls
- Strong risk-based decision-making
- Communication across technical and non-technical teams

Success Metrics
- SBOM completeness
- Reduction in critical vulnerabilities
- FDA submission success
- Time-to-remediate vulnerabilities