Product Security Specialist

About the Job

We are seeking a Product Security Specialist with expertise in connected / IoT medical devices or healthcare products to join our team.

The ideal candidate will work with clients to advise and shape the overall security strategy for products, ensure secure design, development, and deployment across the entire product lifecycle, and implement industry best practices to protect sensitive healthcare data.

Applying for this role is straight forward Scroll down and click on Apply to be considered for this position.

Key Responsibilities

• Collaborate with client product teams and functional groups to define objectives, establish scope, and set timelines for critical product security initiatives, as well as design delivery approaches.
• Evaluate security risks across client product portfolios and propose remediation solutions that align both technical requirements and business goals.
• Provide guidance on coding practices, threat modeling, and security testing strategies for embedded systems and IoT devices, ensuring adherence to relevant industry regulations.
• Partner with client R&D teams to drive secure code reviews, conduct threat modeling, perform security risk and vulnerability assessments, and validate security controls.
• Stay informed on emerging cybersecurity threats within the IoT and medical device sectors and develop thought leadership content to represent PA’s expertise and viewpoint.
• Establish and nurture strong relationships with key stakeholders across client organizations.
• Promote team development by supporting training initiatives and delivering high-quality outcomes.
• Lead projects with confidence, applying a consultative approach to address challenges and deliver solutions.

Required Skills & Experience

• 8+ years of hands-on experience in IoT security, ideally within the medical device or pharmaceutical sectors.
• Expertise in security frameworks (such as NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and familiarity with standards including FDA cybersecurity guidance.
• Demonstrated ability to assess security risks through recognized methods (e.g., penetration testing, threat modeling, security testing) and evaluate residual risks with compensating controls.
• Solid experience in applying and proving compliance with frameworks like NIST, IEC, HITRUST, HIPAA, GDPR, ISO 27001, SOC 2 Type 2, as well as working with Quality Management Systems (QMS).
• Strong record of delivering results and cultivating client relationships.
• Skilled in developing business opportunities, including preparing proposals and identifying growth areas within the client portfolio.
• Holds relevant cybersecurity certifications such as CISSP, CSSLP, or CISM.

Preferred Qualifications

• Proven ability to author thought leadership pieces and deliver insights on new and emerging security developments.
• Background in consulting, with an emphasis on strategic problem-solving and driving successful outcomes.

For further information, please contact Giuseppe.Cantoni@cognitive-group.com