R&D Cybersecurity Engineering Intern / stagiaire en ingénierie de la cybersécurité

Additional Location(s): Canada-QC-Montreal

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.       

Please note this is a 6 month internship opportunity beginning as soon as possible.

About the role

The R&D Cybersecurity Engineering Intern supports security risk assessment activities across embedded medical device systems. This role applies foundational engineering and cybersecurity principles to help analyze product vulnerabilities, contribute to risk mitigation strategies, and support secure design practices throughout the product development lifecycle. The individual will work closely with R&D and cross-functional teams while developing strong technical, documentation, and problem-solving skills within a regulated medical device environment.

Your responsibilities will include:

• Support threat modeling and security risk assessments across embedded systems.
• Assist in analyzing and improving the security posture of medical products by identifying potential vulnerabilities and supporting mitigation strategies.
• Collaborate with R&D teams to integrate secure design principles throughout the product development lifecycle.
• Direct support personnel and coordinate project activities as required.
• Maintain detailed documentation throughout all phases of research and development.
• Contribute to software and system risk assessment activities, including Design FMEA activities.

Required qualifications

• Currently pursuing or recently completed a bachelor’s or master’s degree in computer science, Software Engineering, Cybersecurity, or a related technical field.
• Foundational knowledge of cybersecurity principles and secure software development practices.
• Familiarity with threat modeling frameworks (e.g., STRIDE, PASTA) or risk analysis methodologies.
• 0–1 year of experience with product development activities in a regulated industry.
• Strong problem-solving skills in a team environment.
• Excellent organizational, communication, and collaboration skills.
• Strong technical documentation skills.

Preferred qualifications

• Understanding of embedded systems security and medical device cybersecurity standards.
• Experience with vulnerability scanning tools, penetration testing, or secure SDLC practices.
• Ability to translate technical cybersecurity findings into clear, actionable recommendations.
• Excellent communication and teamwork skills, with the ability to work both collaboratively and independently.
• Strong organizational, communication, and collaboration abilities.

Veuillez noter qu'il s'agit d'un stage de 6 mois débutant dès que possible.

À propos du poste

Le stagiaire en ingénierie de la cybersécurité soutient les activités d’évaluation des risques de sécurité liés aux systèmes embarqués de dispositifs médicaux. Ce rôle met en application des principes fondamentaux d’ingénierie et de cybersécurité afin d’analyser les vulnérabilités des produits, de contribuer aux stratégies d’atténuation des risques et de soutenir l’intégration de pratiques de conception sécurisée tout au long du cycle de développement des produits. La personne retenue travaillera en étroite collaboration avec les équipes de R-D et les équipes interfonctionnelles, tout en développant de solides compétences techniques, de documentation et de résolution de problèmes dans un environnement réglementé de dispositifs médicaux.

Vos responsabilités comprendront :

• Soutenir les activités de modélisation des menaces et d’évaluation des risques de sécurité dans les systèmes embarqués.
• Aider à analyser et à améliorer la posture de sécurité des produits médicaux en identifiant les vulnérabilités potentielles et en soutenant les stratégies d’atténuation.
• Collaborer avec les équipes de R-D afin d’intégrer des principes de conception sécurisée tout au long du cycle de développement des produits.
• Encadrer le personnel de soutien et coordonner les activités de projet, au besoin.
• Maintenir une documentation détaillée à toutes les étapes de la recherche et du développement.
• Contribuer aux activités d’évaluation des risques liés aux logiciels et aux systèmes, y compris les activités d’AMDE (Analyse des modes de défaillance et de leurs effets) de conception.

Qualifications requises

• Poursuivre actuellement ou avoir récemment complété un baccalauréat ou une maîtrise en informatique, en génie logiciel, en cybersécurité ou dans un domaine technique connexe.
• Connaissance de base des principes de cybersécurité et des pratiques de développement logiciel sécurisé.
• Familiarité avec les cadres de modélisation des menaces (p. ex. : STRIDE, PASTA) ou les méthodologies d’analyse de risques.
• De 0 à 1 an d’expérience dans des activités de développement de produits dans un secteur réglementé.
• Solides compétences en résolution de problèmes dans un environnement d’équipe.
• Excellentes aptitudes en organisation, communication et collaboration.
• Excellentes compétences en documentation technique.

Qualifications souhaitées

• Compréhension de la sécurité des systèmes embarqués et des normes de cybersécurité applicables aux dispositifs médicaux.
• Expérience avec des outils d’analyse de vulnérabilités, de tests d’intrusion ou avec des pratiques de SDLC sécurisé.
• Capacité à traduire des constats techniques en cybersécurité en recommandations claires et exploitables.
• Excellentes aptitudes en communication et en travail d’équipe, avec la capacité de travailler de façon collaborative ou autonome.
• Solides aptitudes en organisation, communication et collaboration.

Requisition ID: 619891

Minimum Salary: $31200 

Maximum Salary: $56800 

The anticipated compensation listed above and the value of core and optional employee benefits offered by Boston Scientific (BSC) – see www.bscbenefitsconnect.com--will vary based on actual location of the position and other pertinent factors considered in determining actual compensation for the role. Compensation will be commensurate with demonstrable level of experience and training, pertinent education including licensure and certifications, among other relevant business or organizational needs. At BSC, it is not typical for an individual to be hired near the bottom or top of the anticipated salary range listed above.

Compensation for hourly, non-sales roles may also include variable compensation from time to time (e.g., any overtime and shift differential) and annual bonus target (subject to plan eligibility and other requirements).

Compensation for salaried, non-sales roles may also include variable compensation, i.e., annual bonus target and long-term incentives (subject to plan eligibility and other requirements).

Compensation for sales roles is governed by Sales Incentive Compensation Plan (which includes certain annual non-discretionary incentives based on predetermined objectives).

Our organization is across Canada and has commercial representation in 140 countries.

This job involves regular collaboration with colleagues, clients, and stakeholders across Canada, the U.S., and/or internationally, making proficiency in English essential for effective communication and alignment. English is necessary for engaging with a range of documentation and maintaining effective communication if interacting with external clients or vendors.

As detailed in the job description, this job involves communicating, both verbally and in writing, with other Boston Scientific teams located across Canada, the United States and/or with our international clients and partners. International customers and partners represent an important part of our activities. Based on an evaluation, we have determined that the duties of R&D Cybersecurity Engineering Intern / stagiaire en ingénierie de la cybersécuritéposition require knowledge of English in addition to French (oral and written). We also determined that the English language skills already required of other employees do not permit the performance of English language skills tasks related to R&D Cybersecurity Engineering Intern / stagiaire en ingénierie de la cybersécurité position.

However, in Québec, Boston Scientific limits as much as possible the number of positions for which it requires the knowledge of another language than French. Boston Scientific solely requires proficiency in English where it is necessary for the performance of an employee’s duties.