We are changing the standard of care for millions of untreated sufferers of ENT conditions. We improve patient access to life-changing relief through safe, practical, and effective innovation that changes how and where patients are served. Aerin differentiates itself with our commitment to providing straightforward and clinically proven products so that ENTs and their patients can make treatment decisions together without limits.
At Aerin Medical, our values show up as: always seeking the collective good, holding ourselves and each other accountable, showing respect with compassion, creation and innovation, and being all in.
As the Software Design Assurance Engineer, you will be an essential part of our mission-driven team, dedicated to transforming the lives of those with untreated ENT conditions. Your role will involve contributing directly to our commitment to innovation and improved patient care.
PURPOSE OF THE JOB:
This position ensures the quality and security of medical device software throughout its lifecycle. Key responsibilities include developing software maintenance plans, performing safety and security risk assessments, designing secure architectures, and overseeing software validation and security testing. This role ensures compliance with regulatory standards, evaluates software safety and security risks, and actively participates in the software development process by reviewing SW requirements, SW designs, test procedures, and defect impact assessments and corrections. Additionally, the engineer will lead efforts in security vulnerability management, implementing security controls, and supporting the CAPA process, all while driving continuous improvement in safety and security risk management and software quality.
MAJOR DUTIES AND RESPONSIBILITIES:
Product Design
- Ensure the quality and security of medical device software development throughout its life cycle
- This position requires a deep understanding of software assurance activities, including security risk assessment plans, software bills of materials (SBOMs), vulnerability management, and support for SW defect tracking and resolution
- Design secure SW architectures, perform and supervise security testing, and monitor vulnerabilities to ensure compliance with applicable regulatory requirements and industry standards
- Determine software safety classifications, test readiness, and release readiness, and assess the security risk profile for applicable devices
- Participate in the software development process, reviewing and approving software requirements, design documents, test procedures, and results while maintaining traceability.
- Provide management with updates on project status and software quality metrics, ensuring that any critical issues related to safety, data security, or usability are quickly escalated
- Analyze system designs for vulnerabilities, define security controls, and collaborate with engineers and regulatory teams to ensure compliance with US and EU cybersecurity regulations
- Support the supplier audit process and the Corrective and Preventive Action (CAPA) process, contributing to the overall quality assurance efforts related to cybersecurity risk management
- Drive continuous improvement in the medical device software engineering process by authoring, reviewing, and approving procedures and work instructions.
- Lead software assurance activities throughout the medical device software life cycle
- Create and manage software maintenance plans/activities and security post market monitoring plans
- Monitor and analyze vulnerabilities, ensure compliance with regulatory requirements, and support the Coordinated Vulnerability Disclosure Policy
Others
- Support complaint investigation related to software and review for adequacy and closure.
- Support supplier audits and external regulatory body audits.
- Analyze and track product quality data/metrics in support of Quality Objective and Management Review
- Support and provide inputs to other non-product related issues such as non-conformity, complaint, and CAPA
- Support quality system implementation projects
- Any other tasks as assigned
EDUCATION REQUIREMENTS:
- Bachelor’s degree or diploma in Computer Science, Cybersecurity or a similar technical field is highly preferred.
EXPERIENCE REQUIREMENTS:
- 2-3 years of experience in medical device software or regulated industry is required
- Experience with embedded systems and cellular technologies is required
- Working knowledge of premarket and post market medical device regulations (FDA, EU) and standards (ISO 13485, ISO 14971, IEC 62304, ANSI/AAMI SW96) is required
- Experience leading and documenting threat modeling and vulnerability assessments using frameworks like CVSS is preferred
- Experience conducting penetration testing and static analysis security testing (SAST)
- Knowledge of any one of the following: C/C++, C#, Python or a similar high-level programming language.
- Experience working with Cryptography or related security technologies is a plus.
OTHER QUALIFICATIONS:
- Independent, high level of initiative and ownership to drive department and organization goals
- Good problem-solving skills
- Proactive, with the ability to work well with cross-functional departments and stakeholders in a constructive manner
- Excellent interpersonal and communication skills (both verbal and written) that allow for effective communication within all levels of organization
BENEFITS AND PERKS:
Our culture is rooted in our core values every day, in everything we do.
Our benefits focus on the 5 dimensions of wellbeing: physical, financial, emotional, career and community. Physical benefits include Medical – PPO & HSA with co-contribution, Dental, Vision, Accident Insurance, Critical Illness, Hospital Indemnity, and onsite Tonal & Peloton. Financial benefits include HSA/FSA, 401k with company match, Lifestyle Spending Account, Long Term Disability, Life Insurance, a monthly stipend to cover phone and tech costs, employee discounts, and weekly office lunches. Emotional benefits include Employee Assistance Program, 5 free counseling sessions per issue per year, 80 hours sick leave, 13 holidays, and flexible vacation (exempt employees). Career benefits include Learning & Development opportunities with Aerin-led leadership trainings. Community initiatives include Aerin “give back” week, family days, and Aerin holiday giving.