Principal Product Cybersecurity Engineer – Medical Device

The Principal Product Cybersecurity Engineer for the Medical Device Cybersecurity group will be tasked with securing Bayer Radiology medical devices and medical device software against potential cyber threats. This will include reviewing cybersecurity vulnerabilities and assessing the likelihood of exploitation and any potential impacts to the safety and effectiveness of Bayer Radiology medical devices. Additionally, this role will be responsible for the design and development of solutions to mitigate any cybersecurity risks assessed against Bayer Radiology medical devices, medical device software, and IT software products.


The primary responsibilities of this role, Principal Cybersecurity Engineer – Medical Device, are to:

  • Define cybersecurity requirements at the project level;
  • Provide cybersecurity expertise and leadership across the project;
  • Apply understanding of product/line and clinical applications to identify potential cybersecurity threats and develop mitigations;
  • Perform threat modeling on device security architecture and assess cybersecurity risks and risk mitigations;
  • Lead cybersecurity risk assessments and cyber signal incident responses;
  • Improve processes to enable more effective or efficient accomplishment of individual and team objectives;
  • Lead cybersecurity design reviews at the project level;
  • Independently plan and manage own work activities to department objectives;
  • Lead cross-functional teams on projects at the project level;
  • Proactively provide technical consulting, leadership and advice to peers and program management;
  • Initiate and maintain strategic supplier and partner relationships with key individuals of other organizations, requiring skill in persuasion and negotiations of critical issues;
  • Independently communicate information at the project level;
  • Demonstrate skill for independent analysis and synthesis of solutions for problems, exhibiting creativity, foresight, innovation and judgment in anticipating and solving these problems;
  • The primary location of this role is Indianola, PA. This site is currently operating on a Hybrid model and will require at least 2 days a week at the Indianola, PA site (the remaining days will be residence-based). Relocation assistance will be offered.
  • Visa sponsorship may be offered for this role.


Your success will be driven by your demonstration of our LIFE values. More specifically related to this position, Bayer seeks an incumbent who possesses the following:

Required Qualifications:

  • Minimum of a Bachelor’s Degree in Cybersecurity Engineering, Computer Science, IT, or a related field;
  • Significant expertise in cybersecurity and depth in multiple cybersecurity related technical specialties;
  • Hands-on experience applying cybersecurity technologies (Network Security, Encryption, Firewalls, Intrusion Detection, etc.);
  • Strong knowledge of Software Design, Development, and Security Controls;
  • Experience performing threat modeling, vulnerability testing, security risk analyses, and security assessments;
  • Experience with cybersecurity incident response and investigations;
  • Experience developing cybersecurity policies and procedures;
  • Experience with data privacy standards;
  • Must have one of the following:
    • FDA-regulated medical device product and/or Software as a Medical Device (SaMD) development experience;
    • Similar applicable experience developing regulated products (e.g. Industrial Control Systems, Nuclear Security, etc.).

Preferred Qualifications:

  • At least 7 years of relevant experience with 3+ years as a recognized expert in cybersecurity;
  • At least 7 years of hands-on experience applying cybersecurity technologies (Network Security, Encryption, Firewalls, intrusion detection, etc.);
  • Experience with penetration testing, vulnerability scanning, and associated tools (like Wireshark, Metasploit, Nessus, etc.);
  • Experience reviewing security architecture and designs;
  • Experience with cybersecurity regulations and standards such as NIST Framework, FIPS, etc. is strongly preferred.


