LanceSoft, Inc.
Job Description
Title: Sr. Staff Product Development Engineer / Senior Product Security Architect
Location: San Diego, CA 92130 (Applicants must be located in the Orange County / San Diego metro area.)
Duration: 7 months (May 18, 2026 – Jan 2, 2027)
Shift Schedule: 9 AM to 5 PM, Onsite

Overview
We are seeking a Senior Product Security Architect to lead security architecture and security engineering governance for Client’s Dispensing business unit. The Dispensing portfolio includes FDA Class I and Class II medical devices and their associated cloud-connected platforms. This role focuses on risk-based security that ensures patient safety, data protection, and regulatory readiness.

Role Focus:
- Apply risk-proportionate security controls
- Emphasize secure-by-design and secure-by-default
- Enable efficient FDA submissions (510(k), De Novo)
- Balance usability, workflow, and security

Key Responsibilities

Security Architecture & Design:
- Define end-to-end security architecture across devices, apps, and cloud
- Establish baseline security patterns (auth, encryption, secure updates)
- Conduct Threat Modeling, Risk Assessments, Requirements/Controls Mapping, Security White Papers
- Lead and Drive Security Design Reviews & Roadmap Remediations/Mitigations

Secure SDLC:
- Implement lean Secure SDLC aligned to NIST, OWASP, and BSIMM
- Integrate SAST, SCA, secrets scanning, container/IaC scanning
- Define minimum viable security gates

Regulatory & Compliance:
- Support FDA cybersecurity documentation (threat models, SBOMs, risk assessments)
- Align with IEC 62304, ISO 14971
- Ensure audit-ready documentation

Cloud Security:
- Architect secure integrations with Client’s Cloud Platforms
- Secure device-to-cloud data flows

SBOM & Vulnerability Management:
- Establish SBOM processes (SPDX, CycloneDX)
- Implement continuous vulnerability monitoring
- Define risk-based remediation SLAs

Cross-Functional Leadership:
- Collaborate with engineering, quality, regulatory, and product teams
- Translate security into patient safety and business risk
- Mentor teams

Required Qualifications:
- 10+ years cybersecurity experience
- Experience with FDA Class I/II devices
- Knowledge of embedded, cloud, and application security
- Familiarity with FDA submissions

Preferred Qualifications:
- Experience with IoMT ecosystems
- Knowledge of FDA Cybersecurity Pre & Post Market Guidance, UL 2900, AAMI TIR57/TIR97
- DevSecOps experience
- Certifications (CISSP, CCSP, CSSLP)

Key Competencies:
- Ability to right-size security controls
- Strong risk-based decision-making
- Communication across technical and non-technical teams

Success Metrics:
- SBOM completeness
- Reduction in critical vulnerabilities
- FDA submission success
- Time-to-remediate vulnerabilities