The Product Security Engineer is responsible for embedding cybersecurity into all stages of the Secure Product Development Lifecycle (SPDLC), ensuring that products meet stringent regulatory, compliance, and security standards. Security Engineers will be embedded within product development teams across the organization and are expected to work closely with software architects and developers. They play a key role in guiding and supporting architects and developers by providing security expertise, defining secure design patterns, identifying risks early, and helping integrate security controls into product architecture and code. This role drives proactive risk management, supports regulatory compliance, and promotes a security-first culture throughout the development process.
Execution Strategy: Execution of the product security strategy will be done in alignment with the Product Security Office (PSO).
What will you do with us?
Lead STRIDE-based threat modeling sessions for product architecture, interfaces, and data flows.
Document threats, attack vectors, and vulnerabilities in formal threat model reports.
Perform CVSS scoring for identified vulnerabilities.
Align with ISO 14971, FDA 21 CFR 820.30(g) and applicable SOPs.
Support Risk Benefit Analysis (RBA) with regulatory, safety, and business stakeholders.
Derive cybersecurity requirements based on SOPs and standards such as FDA, Premarket Guidance, MDR.
Apply defense-in-depth principles, including zero trust and least privilege.
Conduct hands-on SAST / DAST and analyze results.
Perform and support SCA (Static code analysis) and for SBOM vulnerabilities.
Support cybersecurity documentation preparation for regulatory submissions (NMPA, MDR, FDA MDS2).
Collaborate with product owners, software architects, privacy regulatory, PSO and safety teams for each key activity in the Secure Product Development Lifecycle (SPDLC).
Our requirements:
What do we offer?
About eConsulting
eConsulting is a leading provider of HCM, DCM, QMS, RIMS, validation services, cloud solutions, IT team and staff augmentation, and other IT services for multinational clients from regulated and non-regulated sectors. As the largest Cornerstone OnDemand partner in Europe, we specialize in offering consulting, integration, and implementation of Human Capital Management (HCM) services. Our key strength lies in the ability to combine our comprehensive expertise and commitment to excellence with our sensitivity to the client’s needs. We are growing over 30% annually. Join us and help us accelerate the growth of our Team.
Security Engineer • Warszawa, Polska