Company Description

MedSec is exclusively dedicated to the unique challenge of medical device and healthcare cybersecurity. MedSec partners with medical device manufacturers and healthcare delivery organizations to help address cybersecurity in medical devices throughout all stages of the device lifecycle. With medical device manufacturers, MedSec leverages its cybersecurity expertise, coupled with its intimate knowledge of the healthcare regulatory and operating environments, to offer support in design, architecture, verification, penetration testing, risk assessments, regulatory filings, and execution of security best practices in the development of new medical devices as well as legacy systems. With healthcare delivery organizations, MedSec leverages its intimate knowledge of medical devices to offer software solutions for cybersecurity and asset management of connected medical devices in hospitals. MedSec is an active participant in helping move the cybersecurity healthcare community forward and participates in a number of standards and best practice committees involved in furthering cybersecurity for medical products.


Managing Consultants work alongside industry experts specializing in medical device cybersecurity. MedSec helps medical device manufacturers navigate the medical device regulatory environment for cybersecurity and software issues, establish robust, compliant product security programs, and develop effective strategies for ensuring medical device security. Projects will involve both onsite (at customer premises) and office-based work, so the ability to travel is a must. Titles and compensation will be commensurate with experience.

A successful candidate will support our medical device manufacturer advisory program, and assist with a variety of cyber-related activities, including the following:

  • Reviewing and assessing medical device manufacturers’ policies and procedures
  • Assisting in the preparation of formal gap assessment reports, identifying areas of improvement and recommendations for efficiencies
  • Supporting efforts related to security risk management, policy, program management, compliance, and standards conformance for cybersecurity, including NIST SP 800-53, NIST 800-30, UL 2900 series, ISO 62443 series, AAMI TIR 57, AAMI TIR 97, and
  • Assessing against global regulatory guidance, including US FDA, EU, Australia, Canada, China, Japan, France, Germany, South Korea, Saudi Arabia, and Brazil.
  • Researching to support US FDA software product classification
  • Leading timely completion of client deliverables and work products


  • 2+ years working in a Security Consulting/Professional Services practice
  • Ability to drive action to achieve results with minimal direction
  • Strong analytical, organizational, and time management skills
  • Experience with Microsoft Excel, Word, and PowerPoint
  • Ability to coordinate and be flexible with a cross-functional team
  • Keen attention to detail, grammar, and formatting
  • High drive for continuous learning and research
  • Strong communication (written and verbal) and issue resolution skills
  • Confident, highly effective proven relationship builder
  • Proven ability to grow a practice 30-40% annually
  • Sufficient application security knowledge to effectively communicate the value of our services to the client and translate that to revenue
  • Understanding of software development processes, technologies, architectures, practices, and software risk management
  • Willingness to travel as needed (~40%) post-Covid

Also, any of the following skills will be considered a plus:

  • Previous medical device cybersecurity experience
  • 2+ years running a Security Consulting/Professional Services practice in medical device or related industry
  • 2+ years selling consulting services, with some experience selling security consulting services
  • Knowledge of medical device cybersecurity guidance expectations, any global region
  • Experience creating and implementing one or more aspects of a medical device product security program, including any of the following:
    • Secure design
    • Security risk management
    • Vulnerability monitoring and management
    • Incident response
    • Coordinated vulnerability disclosure process
    • Regulatory compliance
    • Strategic planning for cybersecurity
    • Security training