Product Security Engineer Lead

Product Security Engineer Lead

Summary

Product Security Engineer Lead responsible for building, leading, and scaling a high-performing product security team within the RCI division. The role defines product cybersecurity strategy and embeds security-by-design across the full product lifecycle to meet regulatory and business objectives.

Responsibilities

• Lead, mentor, and manage a team of product cybersecurity engineers
• Build a collaborative, inclusive, and high-performance team culture
• Define and execute a multi-year product security roadmap aligned with enterprise cybersecurity strategy
• Prioritise resources to balance business needs, risk exposure, and regulatory obligations
• Develop technical and cybersecurity capability through coaching and structured development
• Define and monitor metrics for security maturity, vulnerability trends, and team performance
• Provide technical leadership on secure product architecture and vulnerability management
• Embed security-by-design principles across development and post-market activities
• Partner with R&D, Quality, Regulatory, Legal, and Executive leadership to communicate security posture
• Lead post-market cybersecurity activities including vulnerability assessment, patching, and mitigations
• Ensure compliance with FDA, EU MDR, ISO/IEC 27001, IEC 62443, and global cybersecurity expectations
• Act as a key stakeholder in design reviews, risk assessments, and incident response planning
• Collaborate with product management and customer support on transparent security communications
• Evaluate emerging threats and technologies to proactively strengthen product security
• Ensure alignment with BD development policies and software quality procedures

Requirements

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Engineering, or related discipline
• 8+ years’ experience in product cybersecurity within regulated or medical device environments
• Proven experience leading technical teams and defining long-term security strategy
• Strong knowledge of secure development practices, threat modelling, and risk management
• Experience working within regulated quality and regulatory frameworks
• Excellent stakeholder engagement and communication skills
• Certifications such as CISSP, CISM, or CEH are advantageous
• Experience with embedded systems, IoT, and cloud-connected products
• Familiarity with DevSecOps tools and methodologies

Benefits

• Comprehensive healthcare coverage, including options for family members
• Competitive pension scheme with employer contribution
• Performance-related incentive bonus
• Opportunity to participate in a company share investment or savings programme
• Life assurance cover
• Generous annual leave entitlement plus public holidays

#LI-MS2