Principal Engineer, Systems- Cybersecurity

at ICU Medical
Published June 2, 2023
Location Plymouth, MN
Category Default  
Job Type Full-time  



Position Summary

ICU Medical is currently hiring a Principal Engineer, Product Cybersecurity in Minneapolis, MN or Lake Forest, IL.

The Principal Engineer, Product Cybersecurity role will be an individual contributor on the team defining and maintaining the cybersecurity requirements and design ICU Medical's infusion pumps. This role will execute key product cybersecurity activities to support new product development and maintenance of on-market products including threat modeling, cybersecurity risk assessment, managing 3rd party testing, and monitoring for vulnerabilities.

This is a senior engineering role that is expected to be highly experienced in the development and maintenance of medical products and have a working knowledge of medical device cybersecurity. This role will be accountable for timely delivery of multiple major engineering deliverables and projects.

Essential Duties & Responsibilities

  • Delivery of some Product Cybersecurity portions of the Design History File including Threat Models, Cybersecurity Risk Assessments, System Security Design Documentation, and 3rd party security testing reports
  • Collaborate with other product development functions to drive the implementation of cybersecurity controls and best practices
  • Work with the Risk Management Team to build and maintain the cybersecurity-related portions of the Risk Management File
  • Participate in the maintenance of the risk management and testing traceability
  • Support the timely completion of product releases and design changes
  • Manage the handling and response to post-market cybersecurity issues and vulnerabilities
  • Assist in monitoring for vulnerabilities in 3rd party software in our released products
  • Contribute to the improvement of cybersecurity risk management and design processes
  • Support FDA and other regulatory audits of product design history and technical files
  • Work on special projects as assigned

Knowledge & Skills

  • Working knowledge of key cybersecurity principles such as confidentiality, integrity, authenticity, and availability and common cryptographic methods of implementing those principles
  • Familiarity with global regulatory requirements and guidance for medical devices (e.g., FDA Pre- and Postmarket guidance)
  • Familiarity with medical device standards and related documents such as AAMI TIR57, UL2900, IEC 80001, etc.
  • Product requirements and design input definition and decomposition
  • Experience with requirements management tools such as Magic Draw, Rational DOORS or similar is a plus
  • Hazard analysis and assurance cases is a plus
  • Knowledge of medical device software life cycle processes is a plus

Minimum Qualifications, Education, & Experience

  • Bachelor's degree in software, electrical, systems, biomedical or similar engineering or science discipline from an accredited college or university
  • Advanced degree in related fields is preferred
  • Minimum of 10 years of experience in product development or related experience
  • 2 years of experience in cybersecurity
  • 3 years working on medical devices or similar industries with high regulatory burdens such as aerospace or defense
  • Experience with drug infusion pumps is a plus

Work Environment

  • This is largely a sedentary role.
  • Work may be performed in a home office using standard office equipment.
  • Typically requires travel less than 5% of the time.

ICU Medical is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.