Senior Cybersecurity Engineer

💰 $170k-$200k
🇺🇸 United States - Remote
🔒 Cybersecurity 🟣 Senior

Job description

The Role:

At Q Bio, we are transforming healthcare by combining AI, Physics, and Biology to automate the physical exam, making preventive, personalized care accessible to all. We are hiring a Senior Cybersecurity Engineer to join our dynamic team, focusing on embedding security throughout our product lifecycle. You will be instrumental in designing, building, automating, and maintaining the secure deployment and monitoring of our cutting-edge products.

$170,000 - $200,000 a year

What You Will Do:

Product & Medical Device Security (FDA Regulated Environment):

●        Secure Software Development Lifecycle (SDLC): Integrate security best practices and tools into every phase of the product development lifecycle, from design and requirements to coding, testing, and deployment.

●        Threat Modeling & Risk Analysis: Lead and perform threat modeling and security risk analysis (per ISO 14971) for new and existing medical device software.

●        FDA & Regulatory Compliance: Author, review, and own all cybersecurity-related documentation for regulatory submissions (e.g., FDA 510(k) pre-market and post-market management plans). Ensure our products and processes align with the latest FDA guidance, IEC 62304, and other relevant medical device security standards.

●        Regulatory Interface: Serve as the primary cybersecurity subject matter expert (SME) for regulatory interactions, including responding to questions during FDA submissions and representing the company’s cybersecurity posture during audits.

●        Security Requirements Definition: Partner with Product Management, Engineering, and Quality teams to define and document security requirements, controls, and architecture for our medical device platforms.

●        Vulnerability Management & Penetration Testing: Manage and coordinate third-party penetration testing and internal vulnerability assessments of our products. Develop and oversee the remediation action plan.

●        Incident Response: Develop, implement, and maintain an incident response plan for product-related security events, including vulnerability disclosure policies.

Corporate Security & Compliance:

●        Continuous Security Assessment & Strategy: Continuously assess the company’s security posture against evolving business needs and emerging threats. Identify relevant security standards (e.g., SOC 2, HIPAA, NIST CSF), perform regular gap analyses, and own the strategic roadmap for assessment, implementation, and improvement.

●        Compliance Frameworks (SOC 2 / HIPAA): Lead the initiative to achieve and maintain SOC 2 certification for our platform and business operations. Develop and manage the security controls and policies required for SOC 2 and HIPAA Security Rule compliance.

●        Corporate Security Governance: Develop, implement, and enforce company-wide information security policies, procedures, and standards.

●        IT & Cloud Security: Conduct security architecture reviews and risk assessments of our corporate IT and cloud infrastructure (AWS/GCP/Azure). Implement and manage security controls to protect corporate data and systems.

●        Vendor & Third-Party Risk Management: Establish and manage a program to assess and monitor the security posture of third-party vendors and partners.

●        Identity & Access Management (IAM): Oversee and improve the company’s IAM policies and solutions to ensure the principle of least privilege is maintained.

What You Will Bring:

●        5+ years of experience in cybersecurity, with at least 3-5 years in a hands-on, senior or lead role.

●        Proven experience in a regulated industry, with a strong preference for MedTech (medical devices), HealthTech, or Life Sciences.

●        FDA Expertise: Demonstrated, hands-on experience with FDA cybersecurity guidance for medical devices, contributing to the cybersecurity sections of regulatory submissions (e.g., 510(k), PMA), and acting as a subject matter expert in direct interactions with regulatory bodies (e.g., responding to submission questions, participating in audits).

●        Compliance Expertise: Direct experience leading or playing a primary role in achieving and maintaining SOC 2 and/or HIPAA compliance.

●        Product Security: Strong experience with application security, secure SDLC practices, threat modeling (e.g., STRIDE), and vulnerability management for software products.

●        Cloud Security: Deep knowledge of securing cloud environments and services (AWS, GCP, or Azure).

●        Technical Skills: Proficiency with security assessment tools, IAM systems, endpoint protection, and network security concepts.

●        Bachelor’s degree in Computer Science, Information Security, or a related field.

●        Relevant professional certifications are highly desirable (e.g., CISSP, CISM, HCISPP, CSSLP).
