Foundation Medicine logo

Cybersecurity and Data Protection Software Quality Engineer

Foundation Medicine · Boston, Massachusetts, United States

Information Technology Software & Development Full-time Posted 4 days ago

About this role

About the Job At Foundation Medicine, we value our cybersecurity team as the first — and last — line of defense in protecting our sensitive data from cyberattack. The Software Quality Engineer is an experienced and vigilant Software Quality Professional responsible for ensuring that FMI software-enabled medical devices, and software supporting the FMI quality system are compliant with the cybersecurity expectations of our patients, physicians, partners and regulators, prevents breaches of all sizes, understands when they occur, and takes immediate steps to remediate them. In this role, the Software Quality Engineer is the bridge between FMI Product Owners, Software Owners, Software Engineering, Information Technology, Data Privacy and Regulatory Affairs, ensuring "security by design" and data protection are embedded into the FMI Quality Management System (QMS)

The role will lead efforts to implement a Secure Product Development Framework (SPDF) and prepare documentation to support premarket submissions (De Novo, PMA, 510(k)).This individual has an understanding of cybersecurity standards and certifications in regulated healthcare, extensive knowledge of how cybercriminals work, and determination to never allow them access. Key Responsibilities Regulatory Alignment & QMS Management: Provide guidance on QMS procedures to align with identified cybersecurity protection requirements, specifically integrating SPDF, threat modeling, and SBOM management into existing FMI Design Controls. Premarket Submission Support: Review and approve comprehensive cybersecurity documentation for regulatory compliance, including Security Risk Management Reports, Threat Models, and Security Architecture views Software Bill of Materials (SBOM) Management: Ensure the development and maintenance of compliant, machine-readable SBOM (e.g., SPDX or CycloneDX) for all software components, tracking vulnerabilities (CVEs) and managing supplier risks

Risk Assessment & Verification/Validation Oversi

Apply for this role on Foundation Medicine’s official careers site.

Similar jobs