Sr Product Security Architect/Engineer

Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating. We are looking for highly motivated, performance driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it! Position Overview The Senior Product Security Architect / Engineer is a fully qualified, experienced, journey‑level professional who plays a critical role in defining and advancing Insulet’s end‑to‑end product security architecture. In this role, you will independently lead complex security architecture initiatives spanning secure system design, cryptographic protocols, device identity, key life cycle management and PKI‑based trust models across Insulet’s product ecosystem. You will partner closely with engineering, product, validation, regulatory, and compliance teams to embed security throughout the product lifecycle and support cybersecurity documentation and regulatory submissions aligned with FDA guidance for connected medical devices. This role requires deep technical expertise, sound judgment, and the ability to influence and guide stakeholders who may not be security experts, often requiring clear communication and persuasion. Key Responsibilities Security Architecture & Design Define and evolve end‑to‑end product security architectures ensuring confidentiality, integrity, authenticity, and availability of product communications and data flows. Architect and review secure communication protocols between embedded devices, mobile applications, and cloud services (e.g., mTLS, secure BLE, NFC). Design and assess software‑ and hardware‑based security controls, including secure boot, software signing, device identity, hardware roots of trust, secure enclaves, and TEEs. Conduct in‑depth cryptographic and protocol design reviews, including key management strategies, X.509 validation models, and mutual authentication flows. Collaborate on HSM‑backed key protection architectures supporting cloud, manufacturing, and device ecosystems. Apply best practices aligned with industry standards such as FIPS 140‑3, NIST SP 800‑57, PKCS#11, and related guidance. Cross‑Functional Collaboration & Regulatory Support Work independently with minimal guidance while partnering with design, development, product, validation, regulatory, and compliance teams to integrate security requirements into system design and verification processes. Support and review cybersecurity documentation for FDA and other regulatory submissions, ensuring technical accuracy, traceability, and audit readiness. Produce and maintain security architecture documentation, threat models, and design specifications throughout the product lifecycle. Technical Influence & Mentorship Act as a technical resource and mentor for less‑experienced engineers, strengthening team expertise in cryptographic design and PKI operations. Evaluate complex security issues, propose creative solutions, and recommend alternative approaches using sound judgment and risk‑based decision making. Build strong working relationships with senior internal and external partners, effectively influencing design decisions and security outcomes. Qualifications Education Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree a plus). Experience 5–8 years of experience in product security architecture, embedded systems security, applied cryptography, or related domains. Demonstrated experience designing secure communication tunnels and protocols across cloud, mobile, and embedded environments. Hands‑on expertise with PKI systems, X.509 certificate management, and HSM integration. Strong knowledge of cryptographic algorithms and protocols (e.g., AES, RSA, ECC, SHA‑2/3, TLS, BLE Secure Connections). Experience with secure boot, software signing, and TEE / secure enclave technologies (e.g., ARM TrustZone, Apple Secure Enclave, Android Keystore). Familiarity with cloud API security (OAuth 2.0, JWT, TLS) and secure software update mechanisms. Solid understanding of threat modeling, attack surfaces, and exploit techniques, with familiarity using frameworks such as STRIDE. Experience working in regulated environments and supporting FDA cybersecurity requirements for connected medical devices. Skills & Attributes Ability to work independently with minimal direction on complex, ambiguous problems. Strong analytical, documentation, and communication skills, with the ability to translate complex security concepts to diverse technical and non‑technical audiences. Proven ability to apply best practices and business context to improve product security outcomes. Collaborative mindset with a track record of influencing cross‑functional teams. Insulet Corporation is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. (Know Your Rights) Insulet employees are all focused on the same goal — to make a difference. Our relentless passion is to simplify life for people with diabetes. We excite and empower employees to bring their best selves to work through a culture that supports a healthy work and life balance. We set the bar high to meet customer needs, and our priority is to ensure our employees are equipped and supported to help us get there. We foster and celebrate curiosity, innovation, and learning. Our teams work collaboratively and are empowered to drive the best actions for our customers. Our innovation spirit and customer-centric focus position us as global pioneers — leading the way to improve health outcomes with revolutionary medical devices while breaking down barriers to access.