Qureos

Medical Device Cybersecurity Threat Modeler | US Only

About the Company

We are a specialized cybersecurity firm focused on securing medical devices and healthcare technologies. Our team works with leading medical device manufacturers, from early-stage innovators to global organizations, to identify and mitigate cybersecurity risks that could impact patient safety and product integrity.

Our work sits at the intersection of offensive security, product engineering, and regulatory compliance. We go beyond checkbox security to uncover real-world risk and help build safer, more resilient connected medical technologies.

Role Overview

We are seeking a Medical Device Cybersecurity Threat Modeler to lead and support threat modeling activities across a wide range of connected medical devices and healthcare systems.

This is a fully remote role, requiring strong self-management, proactive communication, and the ability to collaborate effectively with distributed teams and clients.

This role is ideal for someone who can think like both an attacker and a system architect; someone who understands how medical devices are built, how they fail, and how adversaries exploit them.

Just as importantly, success in this role depends on the ability to communicate clearly, confidently, and professionally, both externally with clients and internally with team members.

Key Responsibilities

  • Lead and facilitate remote threat modeling sessions with client stakeholders and internal teams
  • Apply structured methodologies (e.g., STRIDE, attack trees, data flow diagrams) to identify threats across system architectures
  • Analyze system designs, firmware, software, and communication protocols to uncover security weaknesses
  • Present findings in a way that is accessible, credible, and aligned to both technical and regulatory audiences
  • Support alignment with FDA premarket cybersecurity guidance, ISO 14971 risk management, and IEC 81001-5-1. Threat modeling is not aligned with ISO 14971 (nor 62304 which is listed in another). Please refer to the FDA Premarket Cybersecurity Guidance, AAMI TIR 57, AAMI SW 96, IEC 81001-5-1, MITRE Threat Modeling Playbook.
  • Develop and maintain threat modeling documentation suitable for regulatory submissions
  • Actively participate in internal team discussions, peer reviews, and knowledge sharing

Required Qualifications

  • 4+ years of experience in cybersecurity, product security, or application security
  • Hands-on experience performing threat modeling for complex systems
  • Strong understanding of networking, operating systems, and common attack vectors
  • Experience with embedded systems, IoT, or medical devices
  • Familiarity with one or more threat modeling frameworks (STRIDE, PASTA, LINDDUN, etc.)
  • Ability to read and interpret technical architecture diagrams and code (C/C++, Python, or similar)

Critically important:

  • Excellent communication skills, including:
      o Leading client-facing discussions with clarity and confidence in a remote setting
      o Explaining complex security risks to both technical and non-technical audiences
      o Communicating effectively within a distributed team environment
  • Strong organizational skills and the ability to work independently in a remote-first environment
  • Ability to build trust with clients through professionalism, clarity, and sound judgment

Preferred Qualifications

  • Experience in the medical device industry or other regulated environments
  • Knowledge of FDA cybersecurity guidance, SBOMs, and premarket submissions
  • Familiarity with ISO 14971, IEC 62304, IEC 81001-5-1
  • Background in penetration testing or offensive security
  • Experience modeling threats across Software as a Medical Device (SaMD), cloud, mobile, and embedded ecosystems
  • Understanding of wireless protocols (Bluetooth, Wi-Fi, BLE, proprietary RF)
  • Consulting experience working directly with clients

What Makes This Role Unique

  • Fully remote, flexible work environment
  • Work on real-world, safety-critical systems that directly impact patient lives
  • Collaborate with highly skilled security researchers and testers
  • Influence product design decisions early, not just after deployment
  • Engage deeply with both engineering teams and regulatory stakeholders
  • Flexible engagement: full-time or contract (1099) depending on your preference

Who You Are

  • You are curious, analytical, and methodical, with a natural instinct to think like an attacker
  • You take pride in producing clear, high-quality work that others can act on
  • You are a strong communicator who can lead conversations, not just participate in them
  • You thrive in a remote, collaborative environment and proactively engage with teammates
  • You value professionalism, accountability, and cultural alignment within a team

Compensation & Benefits

Competitive compensation based on experience and engagement type

For full-time employees:

  • Medical, dental, and vision insurance
  • 401(k) plan
  • Additional standard employee benefits

For contract (1099) engagements:

  • Competitive hourly or project-based rates
  • Flexible workload and scheduling

This is a great company with an amazing team! Please include your CV, and in your cover letter include your salary requirements and LinkedIn profile URL, and send via Indeed.

Thank you for your time and interest.

Kathleen

Pay: From $125.00 per hour

Benefits:

  • 401(k)
  • Dental insurance
  • Flexible schedule
  • Health insurance
  • Paid time off
  • Vision insurance

Work Location: Remote
