Product Security Specialist for Medical Devices (Cyber Security)

Job description We believe in the power of ingenuity to build a positive human future. We challenge where it matters and own the outcome. We combine strategic thinking, customer-centric service design, and agile engineering practices to accelerate innovation in a tech-driven world.   Why consider joining our Digital & Data community? 🤔   Join our Digital & Data team working alongside product, design and a wide range of other experts and cross-disciplinary teams to bring ideas to life through innovative software solutions.   Grow a flexible and unique career within a trust-based, inclusive environment that values excellence, innovation, and curiosity. You have the option to progress with us on a technical career track. No need to go onto the Partner career track if this doesn’t align with what you want to do.   Hybrid working - our approach is to be in the office or on client site a minimum of 2 days per week.    Work on a broad variety of projects and tech stacks for clients across seven sectors - no project is ever the same   Join other experts within our supportive and collaborative tech community through knowledge-sharing and peer-level support, coaching and mentoring   Deepen your expertise through our a culture of learning and growth – you’ll have budget to take courses (technical and non-technical training), plus gain certifications   What you can expect 🌱   Work to agile best practices and cross-functionally with multiple teams and stakeholders. You’ll be using your technical skills to problem solve with our clients, as well as working on internal projects   Work with client product teams and functional groups on determining objectives, scope, and timelines for key product security initiatives and architecting the delivery methodologies  Assess security risks across client product portfolios and recommend remediation strategies while balancing business and technical requirements  Advice on strategies around coding, threat modeling, and security testing for embedded systems, IoT devices while ensuring compliance with industry regulations  Work alongside client R&D teams to lead on secure code reviews, threat modeling, security risk assessments, vulnerability assessments and validation and verification of controls  Monitor emerging cybersecurity threats in the IoT and medical device landscape and write though leadership to showcase PA’s point of view on these  Build strong stakeholder relationships across our clients  Foster team growth, training and deliver outcomes.  Support and drive business development efforts  Manage projects with expertise.  Solve problems with a consulting approach.  Hybrid working with the team on client site or in our office a minimum of two days per week. However, the actual time you spend and where you spend it will vary by role or assignment, including up to 5 days per week on a client site.   An environment that deeply cares about its values Values | PA Consulting    Qualifications Essential requirements ✅   Even if you don’t meet every requirement below, feel free to still apply as we are often hiring for similar roles which your background might be better suited to.   5+ years of relevant experience in the medical device space (either industry or through consulting/service provider)  Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance  Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual risk after applying compensating security controls  Experience implementing and demonstrating compliance to security frameworks such as NIST, IEC, HITRUST, HIPAA, GDPR, ISO 27001, SOC 2 Type 2 and familiarity working with Quality Management Systems  Experience working with teams in a structured software development lifecycle process  Excellent interpersonal skills, both written and verbal, with the ability to clearly convey complex security topics to a wide audience - technical and non-technical teams.  Proven track record of achieving outcomes and nurturing relationships.  Skilled in crafting compelling proposals and other business development materials. Proficient in cultivating opportunities within the client base and network.  Holds Cyber Security accreditations/qualifications such as [CISSP, CSSLP, CISM], indicating a solid foundation in the field.  You thrive in problem-solving and analytical thinking    You enjoy collaborating with multiple stakeholders in a fast-paced environment