
Lead Software Engineer - Product Security and DevOps
Job Description
Job Function: Lead Software Engineer
Job Family: Software Engineering
Job Level: P17
Job Summary:
The Lead Software Engineer is a senior individual contributor role focused on building secure, reliable, and maintainable software products in a regulated medical product environment. The role combines product security, hands-on software development, and DevOps practices, with an expected focus of approximately 50% Product Security, 30% Software Development, and 20% DevOps. The engineer will help embed security into the software development lifecycle, contribute to product code and technical design, and support automation, CI/CD, and release readiness activities. This role is best suited for a strong software engineer who has practical security knowledge and can partner with engineering, quality, regulatory, and cybersecurity teams to deliver secure and compliant products.
Key Responsibilities:
- Product Security Engineering: Support secure software development practices across product teams, including security requirements analysis, threat modeling, secure design review, secure coding guidance, vulnerability assessment, and security validation. Help teams identify, prioritize, and remediate security risks in product software, APIs, cloud-connected components, databases, and supporting engineering environments.
- Security Testing and Vulnerability Management: Perform or support security testing activities such as static analysis, dynamic analysis, software composition analysis, dependency review, basic penetration testing support, and vulnerability triage. Work with engineering teams to define remediation actions, verify fixes, and maintain clear evidence for closure.
- Software Development: Design, develop, debug, test, and maintain product software and supporting engineering components using languages such as Java, C, C++, or Python. Contribute to technical design, code reviews, defect resolution, and product improvements with a focus on security, quality, reliability, and maintainability.
- DevOps and Automation: Support CI/CD pipelines, build and release automation, source control workflows, automated testing, and integration of security checks into engineering pipelines. Help improve deployment confidence, traceability, and engineering efficiency through practical automation and tooling.
- Documentation and Compliance Support: Prepare and maintain required engineering and security documentation such as threat models, security assessment summaries, test evidence, design notes, vulnerability records, and remediation reports. Support compliance expectations aligned with applicable product security, quality, and regulatory frameworks.
- Cross-Functional Collaboration: Partner with software, systems, quality, regulatory, DevOps, and cybersecurity stakeholders to communicate risks, recommend practical solutions, and drive security and engineering improvements through the development lifecycle.
- Continuous Improvement: Identify opportunities to improve secure development practices, automation, code quality, testing depth, and release readiness. Mentor engineers on secure coding, vulnerability remediation, and practical DevSecOps adoption.
Education and Experience:
- Education: Bachelor’s degree in Computer Science, Software Engineering, or a related technical field is required.
- Experience: 8+ years of professional experience in software development, product security, DevOps, or related engineering roles. The ideal candidate should have a strong software engineering foundation with practical exposure to secure software development and engineering automation.
- Core Technical Skills: Hands-on experience in at least one major programming language such as Java, C, C++, or Python. Working knowledge of secure coding practices, vulnerability remediation, source control, CI/CD concepts, and common software development tools is required.
- Preferred Skills: Experience with regulated product development, medical device software, cloud platforms, container technologies, observability tools, or security testing tools is preferred but not mandatory.
Role Competency Requirements:
- Product Security: Working knowledge of secure SDLC practices, threat modeling, secure design review, secure coding, vulnerability assessment, and remediation. Familiarity with OWASP Top 10, common vulnerability types, and security testing concepts is expected.
- Software Engineering: Strong ability to design, code, debug, test, and maintain software. Ability to understand product requirements, contribute to technical design, perform code reviews, and deliver reliable implementations.
- DevOps and Automation: Working knowledge of Git-based workflows, CI/CD pipelines, build automation, automated testing, and integration of quality or security checks into development pipelines.
- Systems and Platform Awareness: Basic understanding of operating systems, APIs, networking, databases, and cloud or connected software environments. Ability to troubleshoot issues across code, build pipelines, and supporting environments.
- Regulatory and Quality Mindset: Awareness of documentation, traceability, risk management, and evidence expectations in regulated or quality-driven product development environments. Prior experience with medical device or safety-critical software is a plus.
- Problem Solving: Strong analytical skills with the ability to investigate technical issues, assess risk, recommend practical solutions, and drive issues to closure.
- Collaboration and Communication: Ability to work effectively with software, cybersecurity, DevOps, quality, regulatory, and product teams. Able to explain technical risks and recommendations clearly to both technical and non-technical stakeholders.