Senior Product Cybersecurity Engineer in Danvers, Massachusetts at Samsung HME America Inc
Explore Related Opportunities
Job Description
Senior Product Cybersecurity Engineer
- Location: On-site in Danvers, MA
Who We Are
Samsung HME America (Healthcare and Medical Equipment) is Samsung’s U.S. medical imaging organization, delivering advanced diagnostic solutions across Ultrasound, Digital Radiography, and Computed Tomography. We lead nationwide sales, marketing, service, and distribution of Samsung’s imaging technologies, partnering with healthcare providers to strengthen diagnostic capabilities, streamline clinical workflows, and support better patient care. Samsung HME America also serves as the global manufacturing center for Samsung’s mobile Computed Tomography (mCT) business, leading the development of advanced CT systems used by healthcare providers worldwide.
Backed by Samsung Electronics’ global technology leadership, our teams work closely with clinicians to translate real-world challenges into innovative imaging solutions. Our culture combines a sense of urgency, customer focus, and clinical collaboration to advance the future of medical imaging.
Role Description
Responsible for ensuring that Samsung Healthcare’s medical imaging devices are designed, developed and maintained to protect against cybersecurity threats throughout the product lifecycle. Responsible for cybersecurity risk management, secure product development, DoD Risk Management Framework (RMF) compliance, vulnerability management and support of FDA and other global cybersecurity regulatory requirements.
Key duties and responsibilities, other duties may be assigned:
- Lead product cybersecurity incident response activities and coordinate technical escalations from customers, service teams and internal stakeholders.
- Maintain and support Department of Defense Risk Management Framework (RMF) compliance, including Authorization to Operate (ATO) packages, security documentation, continuous monitoring activities and Plan of Action & Milestones (POAM) management.
- Perform cybersecurity risk assessments, including asset identification, threat modeling, vulnerability analysis, and security control evaluation for medical devices.
- Collaborate with R&D teams to integrate cybersecurity throughout the secure software development lifecycle (SSDLC) and ensure traceability between cybersecurity requirements, risks, mitigations, verification activities and design documentation.
- Complete RFPs, RFQs, and security questionnaires during the sales process, and respond to customer cybersecurity inquiries
- Support cybersecurity verification and validation activities, including penetration testing, vulnerability assessments, security testing and remediation verification
- Coordinate vulnerability management activities including security advisories, CVE assessments, software bill of materials (SBOM) review, patch evaluation, remediation planning and security updates for all products
- Engage customers, government agencies, and other stakeholders to ensure compliance with cybersecurity requirements and define best practices
- Collaborate with sales and marketing to integrate cybersecurity as part of go-to-market strategy
- Stay current on applicable security laws, regulations and industry standards
- Maintain technical knowledge of Samsung Healthcare products and associated cybersecurity architecture
- Work independently with minimal supervision, and collaboratively as part of a cross functional team
- Effectively manage priorities while balancing technical, regulatory and business objectives.
Qualifications and Requirements: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
Education & Experience
- Bachelor's degree in Computer Science, Cybersecurity, Computer Engineering, Information Systems, or a related technical field.
- 5+ years of experience in a hands-on security engineering role
- Experience with ANSI/AAMI TIR57, UL 2900, ISO 14971, IEC 62304, IEC 81001-5-1
- and IEC/TR 80001-2-2.
- Extensive knowledge of FDA medical device cybersecurity guidance, NIST cybersecurity frameworks, FIPS publications, and DoD RMF processes.
- Experience securing network-connected medical devices, embedded systems, or regulated products preferred.
- Experience with one or more of the following
- Static and dynamic application security testing (SAST/DAST)
- SBOM generation and analysis
Computer & Analytic Skills
- Strong understanding of networking concepts, including Ethernet, TCP/IP, IPv4/IPv6, DNS, routing, switching, firewalls, and network segmentation.
- Working knowledge of Windows and Linux operating systems, system hardening, user access controls, and security configuration management.
- Ability to analyze complex technical issues, assess cybersecurity risks, and develop practical, risk-based recommendations.
- Experience interpreting security logs, vulnerability reports, penetration testing results, and cybersecurity assessments.
- Ability to manage multiple projects independently while working effectively in a fast-paced, cross-functional environment.
- Strong written and verbal communication skills with the ability to communicate technical concepts to engineering teams, management, customers, and regulatory agencies.
- Proficient with Microsoft Office (Excel, Word, PowerPoint, Outlook) and experience creating technical documentation and presentations.
Competencies
- Strong analytical and critical thinking skills with excellent attention to detail.
- Ability to assess cybersecurity risks and communicate technical recommendations to both technical and non-technical stakeholders.
- Excellent troubleshooting and problem-solving abilities.
- Ability to manage multiple priorities while meeting project deadlines.
- Strong organizational and documentation skills.
- Effective collaboration across engineering, regulatory, quality, IT, and customer-facing teams.
- Self-motivated with the ability to work independently and take ownership of technical initiatives.
- Commitment to continuous learning and staying current with evolving cybersecurity threats, technologies, regulations, and industry best practices.
- Ability to adapt to changing priorities and support business needs in a dynamic environment.
Physical Requirements
- Primarily a desk-based role requiring extended periods of sitting and computer use
- Close and distance vision required for extended screen work
Benefits
We offer a comprehensive benefit package which includes:
- Medical (Blue Benefit Administrators): 5 PPO Plans (with up to 95% employer contribution)
- Dental (Blue Cross Blue Shield): 2 PPO Plans (with up to 80% employer contribution)
- Vision (Blue Cross Blue Shield): 100% company paid
- Short/Long Term Disability, Life & AD&D (The Standard): 100% company paid
- 401k Retirement (Fidelity): 100% company match up to 5%
- Tax Deferred Health Care Savings Programs
- Accident Insurance, Critical Illness, Hospital Indemnity, Pet, Legal, ID Theft
- Generous paid time off, tuition reimbursement, and more!
Inclusion and Diversity Statement: We are an Equal Opportunity Employer and value diversity at all levels of the organization. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic protected by applicable law. We are committed to providing reasonable accommodation to individuals with disabilities throughout the application and employment process. If you require assistance or accommodation, please contact Human Resources.
ests.