Cybersecurity Product Lead – Medical Devices

About Analog Devices

Analog Devices, Inc. (NASDAQ: ADI ) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, and software technologies into solutions that help drive advancements in digitized factories, mobility, and digital healthcare, combat climate change, and reliably connect humans and the world. With revenue of more than $9 billion in FY24 and approximately 24,000 people globally, ADI ensures today's innovators stay Ahead of What's Possible™. Learn more at www.analog.com and on LinkedIn and Twitter (X).

          

Cybersecurity Product Lead – Medical Devices

Analog Devices (NASDAQ: ADI) designs and manufactures semiconductor products and solutions that help our customers intelligently interpret the world around them—bridging the physical and digital worlds with unmatched technologies that sense, measure, and connect.

The Role

The Software and Digital Platforms team at Analog Devices is seeking an experienced Cybersecurity Product Lead – Medical Devices to provide cybersecurity leadership and regulatory governance across a designated portfolio of FDA-regulated medical device products.

In this role, you will define, govern, and execute the cybersecurity strategy across one or more medical device products throughout the full product lifecycle, with a primary focus on FDA-regulated development and 510(k) submissions. You will serve as the cybersecurity product owner and regulatory lead, ensuring security requirements are embedded into design controls, risk management, and software lifecycle processes in compliance with FDA cybersecurity guidance and internal Quality Management System (QMS) procedures.

The role partners closely with Engineering, Quality, Regulatory Affairs, Clinical, and Corporate IT Security teams to ensure cybersecurity is designed in from the outset, well-documented, and defensible during regulatory reviews and audits. The position also requires close coordination with software engineering teams and the broader product security organization to drive strategic security initiatives while identifying, assessing, and mitigating cybersecurity risks across the software development lifecycle.

Key Responsibilities

• Develop, review, govern, and execute QMS-regulated, cadence-based cybersecurity policies and procedures, managing ISMS execution to ensure repeatable, auditable operations and compliance with regulatory requirements, including FDA cybersecurity guidance.
• Act as the single point of accountability for cybersecurity decisions impacting product risk, regulatory posture, and release scope.
• Serve as a cybersecurity subject matter expert (SME) in FDA inspections, internal audits, and regulatory engagements.
• Continuously evaluate and enhance the organization’s cybersecurity program to adapt to evolving threats, risks, and operational challenges.
• Collaborate closely with Corporate IT Security teams to leverage enterprise tools, platforms, and infrastructure that support product portfolio security requirements.
• Partner with engineering teams to design secure system architectures, review designs, and ensure security control alignment with both product and corporate standards.
• Ensure cybersecurity requirements are fully integrated into Design Inputs, Design Outputs, Verification, and Validation activities under FDA Design Controls.
• Support engineering teams in the development of required cybersecurity-related design control documentation, including risk analyses and supporting evidence.
• Implement and oversee security monitoring tools and technologies, analyzing alerts and logs to detect, investigate, and respond to security threats as appropriate.
• Establish and enforce access control mechanisms for sensitive systems and resources while fostering a strong culture of security awareness and accountability.
• Evaluate the cybersecurity posture of third-party vendors and service providers by establishing and maintaining vendor risk management processes.
• Develop and lead incident response procedures, coordinate investigations, manage response efforts with internal and external stakeholders, and implement corrective actions to prevent recurrence.

Minimum Qualifications

• Minimum of 8 years of experience as a cybersecurity subject matter expert in secure product development, cybersecurity engineering, or technical product leadership within a software or technology organization.
• Working knowledge of modern cloud-based software platforms and managed services; experience with AWS is preferred.
• Strong understanding of secure coding practices and software security fundamentals.
• In-depth knowledge of Quality Management Systems (QMS) and FDA Design Controls.
• Working knowledge of cybersecurity-related regulatory and compliance frameworks.
• Familiarity with common security vulnerabilities (e.g., OWASP Top 10), security testing tools (SAST/DAST), and threat modeling methodologies.
• Experience working with recognized security frameworks and standards such as NIST, FedRAMP, and ISO/IEC 27001.
• Strong written and verbal communication skills, with the ability to present security risks, posture, and strategy to technical and executive audiences.
• Demonstrated success collaborating with enterprise-scale, cross-functional teams and managing security initiatives within a regulated QMS environment.
• Proven experience establishing and maintaining cybersecurity policies and procedures.
• Bachelor’s degree in computer science, Cybersecurity, or a related engineering discipline.

Additional Desired Skills and Qualifications

• Demonstrated experience supporting FDA-regulated medical devices, including 510(k) submissions.
• Strong working knowledge of FDA Design Controls, risk management, and regulated SDLC expectations.
• Direct experience authoring or reviewing FDA premarket cybersecurity documentation.
• Familiarity with relevant standards and guidance, including FDA cybersecurity guidance, IEC 62304, and ISO 14971.
• Experience with connected medical devices, SaMD, cloud-connected platforms, or AI/ML-enabled medical products.
• Excellent technical writing skills capable of producing regulatory-ready documentation.
• Industry certifications such as CISSP, CEH, GSEC, or related credentials.
• Master’s degree in Cybersecurity or a related field.

For positions requiring access to technical data, Analog Devices, Inc. may have to obtain export  licensing approval from the U.S. Department of Commerce - Bureau of Industry and Security and/or the U.S. Department of State - Directorate of Defense Trade Controls.  As such, applicants for this position – except US Citizens, US Permanent Residents, and protected individuals as defined by 8 U.S.C. 1324b(a)(3) – may have to go through an export licensing review process.

Analog Devices is an equal opportunity employer. We foster a culture where everyone has an opportunity to succeed regardless of their race, color, religion, age, ancestry, national origin, social or ethnic origin, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, parental status, disability, medical condition, genetic information, military or veteran status, union membership, and political affiliation, or any other legally protected group.

EEO is the Law: Notice of Applicant Rights Under the Law.

Job Req Type: Experienced

          

Required Travel: Yes, 10% of the time

          

Shift Type: 1st Shift/Days

The expected wage range for a new hire into this position is $159,200 to $218,900.

• Actual wage offered may vary depending on work location, experience, education, training, external market data, internal pay equity, or other bona fide factors.

• This position qualifies for a discretionary performance-based bonus which is based on personal and company factors.

• This position includes medical, vision and dental coverage, 401k, paid vacation, holidays, and sick time, and other benefits.