Principal Software Cybersecurity Engineer
We are currently seeking a talented and driven Principal Software Cybersecurity Engineer to join our team. The Principal Cybersecurity Engineer – Software will have the opportunity to contribute to the life cycle of secure embedded and digital software applications that preserve donated hearts, lungs, livers, and other organs on the OCS.
This position is responsible for, but not limited to, the following:
- Work with relevant stakeholders to determine customer needs for secure embedded and digital software applications
- Elicit cybersecurity software requirements to support customer needs
- Perform end-to-end system security risk analysis activities
- Perform threat modeling, vulnerability assessments, pen tests, and static/dynamic analysis (SAST/DAST)
- Ensure regulatory compliance with FDA pre-market/post-market guidelines, NIST SP 800-series, IEC 62304, and ISO 14971
- Implement cryptographic controls, secure boot, authentication, and hardened operating systems
- Create software requirement specs, risk assessments, and secure architecture designs
- Manage Software Bill of Materials (SBOM) to analyze third-party component risks
- Support patching and remediation of security vulnerabilities on connected devices
- Participate in cybersecurity assessment and ensure a secure architecture and design
- Develop and maintain software development procedures per regulatory standards, e.g., FDA guidance, IEC 62304
- Support quality audits and the development of FDA submissions
- Perform other TransMedics tasks and duties as assigned/required.
This position will not have management responsibilities.
General Office Environment
- Ability to lift up to 25 lbs.
- May travel up to 10% domestically / 10% internationally
BS/MS in Computer Science, Computer Engineering, or equivalent combination of education and experience.
10+ years of related experience in real-time embedded software, digital clinical software, medical device development, or product cybersecurity.
- Experience in implementing security controls and features in firmware and embedded software, such as secure boot, cryptographic services, and secure data storage.
- Experience in implementing protections for sensitive data stored on or transmitted by embedded devices.
- Experience in implementing digital signatures to verify the authenticity and integrity of data.
- Experience in applying secure hashing and generating and managing cryptographic keys.
- Experience in employing secure communication protocols like TLS/SSL.
- Experience in medical device security risk assessment, evaluation, and control.
- Experience in preparing and maintaining SBOM
- Familiarity with OWASP MASVS and mobile/web application security best practices
- Familiarity with SAST/SCA tools such as SonarQube
- (preferred) AWS Certified Security - Specialty certificate or experience with AWS security-related services such as GuardDuty, IAM, Security Hub, and WAF
- Knowledge of relevant cybersecurity regulations and guidelines (FDA pre-market and post-market guidance, section 2.4b CFR, IEC 81001-5-1, IEC 62443-4-1, JSP 2.0).
- Knowledge of cybersecurity relevant methods and tools (threat modeling, STRIDE, static/dynamic code analysis, system hardening, penetration testing, etc.).
- Understanding of post-market surveillance, vulnerability disclosure, CVEs, and incident response in regulated environments.
- Medical device software development experience with compliance to IEC-62304, IEC-82304, and FDA guidelines is a plus.
- Knowledge of regulatory and industry standards (e.g., NIST CSF, ISO 27001, IMDRF, EU MDR).
- Must be team-oriented with outstanding interpersonal and communication skills (written and verbal).
- Must be detail-oriented and highly organized.
TransMedics, Inc. is a commercial-stage medical technology company transforming organ transplant therapy for patients worldwide. Our mission is to help save more patients' lives by increasing access to viable donor organs for those who are awaiting an organ transplant. To accomplish this mission, we partner closely with transplant stakeholders worldwide and help expand their access to healthy donor organs, while delivering the highest quality technology, service, clinical care and outcomes.
Driven by a passion for improving patient care, we make the impossible possible and keep our employees at the center of everything we do. Together, we strive to enhance the quality of life for transplant recipients and their families, fostering hope and healing in the journey toward better health.
Maximize your potential at TransMedics, Inc.
TransMedics is committed to equitable and transparent compensation. The expected base salary range for this role is $172,900.00 – $215,700.00, which represents the company's current good-faith estimate of compensation for this position. Actual salary will depend on factors such as, but not limited to, candidate experience, qualifications, skills, and the specific work location. This role may also be eligible for bonuses, equity, and a comprehensive benefits package (medical, dental, vision, retirement savings, paid time off, and wellness resources). We comply with all U.S. pay transparency laws and do not request or consider salary history.
Employee Benefit:
- Medical with Health Reimbursement Account through Blue Cross/Blue Shield of MA
- Dental
- Vision
- Healthcare Flexible Spending Account
- Dependent Care Flexible Spending Account
- Short Term Disability
- Long Term Disability
- 401K Plan
- Pet insurance
- Employee Stock Purchase Plan
TransMedics is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, marital status, age, disability or protected veteran status, or any other characteristic protected by law. We are committed to creating an inclusive environment for all employees.