Principal Cybersecurity Engineer

Additional Location(s): US-MA-Marlborough; US-CA-San Diego

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.           

About the role:

Boston Scientific is seeking a Principal Cybersecurity Engineer with a background in the design, development, and testing of cybersecurity features and controls in a regulated industry. This individual will be responsible for guiding the cybersecurity strategy throughout the product lifecycle, ensuring compliance with relevant standards and regulations.

Be a part of the Interventional Cardiology team, one of Boston Scientific’s most product-diverse divisions, supporting R&D in the design of exciting products and business development activities.

Work Mode:
At Boston Scientific, we value collaboration. This role follows a hybrid work model, requiring employees to be in our Maple Grove, MN or Marlborough, MA or San Diego, CA office at least three days per week.

Your responsibilities will include:

• Lead threat modeling using STRIDE and security risk assessments, identifying, and evaluating potential threats and safety issues.
• Elicit and define product security needs and requirements; define product security architectures and design specifications, and verification and validation strategies.
• Stay current with emerging regulations and standards related to medical device security (e.g., FDA Premarket Guidance, Post-market Cybersecurity Guidance, TIR 57).
• Collaborate with product development teams to embed security controls throughout the design, development, and maintenance phases.
• Establish best practices and processes for secure coding, configuration management, and patching.
• Develop and implement risk mitigation strategies and maintain risk management documentation.
• Oversee and enhance incident response plans and processes, ensuring rapid and effective resolution of security incidents.
• Drive continuous improvement of vulnerability management, including the evaluation and deployment of necessary patches or updates.
• Collaborate closely with internal stakeholders (Software Development, Quality, Regulatory, IT) to align security goals and requirements.
• Model resiliency and show leadership by presenting topics to the Security Champions program.

Required qualifications:

• Bachelor’s or master’s degree in Cybersecurity, Computer Science, Computer Engineering, or a related field.
• 9+ years of experience in cybersecurity engineering, with a recent focus on product security as it extends to the IoT cloud.
• Proven experience leading security design and architecture reviews for complex, embedded medical devices or similar technologies.
• Demonstrated history of creating and executing security risk assessments and mitigation strategies.
• In-depth understanding of cybersecurity frameworks (e.g., NIST Cybersecurity Framework) including best practices for defense in depth.
• Excellent written and verbal communication skills for interfacing technical teams, stakeholders, and executive leadership.
• Ability to work collaboratively across multidisciplinary teams, bridging gaps between technical, regulatory, and business functions.

Preferred qualifications:

• 5+ years of experience working in the medical device industry or a similarly regulated environment; security architecture or medical device administration experience in healthcare settings is also a plus.
• Development experience in securing Windows IoT, Android, or Yocto Linux.
• Deep knowledge of the deployment environment for medical devices into health delivery organizations, including Active Directory (AD) or Single Sign On (SSO) integrations.
• Hands-on experience with IoT cloud deployments such as Azure or AWS.
• Experience writing code, with secure coding practices, vulnerability scanning tools, and penetration testing methodologies.
• Knowledge of embedded systems security, wireless communications, network protocols, and PKI.
• Experience supporting VA Handbook 6500 compliance, ISO/IEC 27001 certification a
• Relevant certifications (e.g., GIAC, CISM, CRISC) are a plus.
• Experience with vulnerability and risk assessments including use of CVSS.

Requisition ID: 624109 

Minimum Salary: $ 102100 

Maximum Salary: $ 194000 

The anticipated compensation listed above and the value of core and optional employee benefits offered by Boston Scientific (BSC) – see www.bscbenefitsconnect.com—will vary based on actual location of the position and other pertinent factors considered in determining actual compensation for the role. Compensation will be commensurate with demonstrable level of experience and training, pertinent education including licensure and certifications, among other relevant business or organizational needs. At BSC, it is not typical for an individual to be hired near the bottom or top of the anticipated salary range listed above.

Compensation for non-exempt (hourly), non-sales roles may also include variable compensation from time to time (e.g., any overtime and shift differential) and annual bonus target (subject to plan eligibility and other requirements).

Compensation for exempt, non-sales roles may also include variable compensation, i.e., annual bonus target and long-term incentives (subject to plan eligibility and other requirements).

For MA positions: It is unlawful to require or administer a lie detector test for employment. Violators are subject to criminal penalties and civil liability.

As a leader in medical science for more than 40 years, we are committed to solving the challenges that matter most – united by a deep caring for human life. Our mission to advance science for life is about transforming lives through innovative medical solutions that improve patient lives, create value for our customers, and support our employees and the communities in which we operate. Now more than ever, we have a responsibility to apply those values to everything we do – as a global business and as a global corporate citizen.

So, choosing a career with Boston Scientific (NYSE: BSX) isn’t just business, it’s personal. And if you’re a natural problem-solver with the imagination, determination, and spirit to make a meaningful difference to people worldwide, we encourage you to apply and look forward to connecting with you!

At Boston Scientific, we recognize that nurturing a diverse and inclusive workplace helps us be more innovative and it is important in our work of advancing science for life and improving patient health. That is why we stand for inclusion, equality, and opportunity for all. By embracing the richness of our unique backgrounds and perspectives, we create a better, more rewarding place for our employees to work and reflect the patients, customers, and communities we serve. 

Boston Scientific Corporation has been and will continue to be an equal opportunity employer. To ensure full implementation of its equal employment policy, the Company will continue to take steps to assure that recruitment, hiring, assignment, promotion, compensation, and all other personnel decisions are made and administered without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, gender expression, veteran status, age, mental or physical disability, genetic information or any other protected class.

Please be advised that certain US based positions, including without limitation field sales and service positions that call on hospitals and/or health care centers, require acceptable proof of COVID-19 vaccination status.  Candidates will be notified during the interview and selection process if the role(s) for which they have applied require proof of vaccination as a condition of employment.  Boston Scientific continues to evaluate its policies and protocols regarding the COVID-19 vaccine and will comply with all applicable state and federal law and healthcare credentialing requirements.   As employees of the Company, you will be expected to meet the ongoing requirements for your roles, including any new requirements, should the Company’s policies or protocols change with regard to COVID-19 vaccination.

Among other requirements, Boston Scientific maintains specific prohibited substance test requirements for safety-sensitive positions.  This role is deemed safety-sensitive and, as such, candidates will be subject to a prohibited substance test as a requirement.  The goal of the prohibited substance testing is to increase workplace safety in compliance with the applicable law.