About Nave Security
Nave Security is a healthcare cybersecurity consultancy specializing in medical device security, FDA regulatory compliance, and HIPAA assessments. We work at the intersection of cybersecurity and healthcare innovation, partnering with medical device manufacturers, healthcare delivery organizations, and emerging technology companies to build secure, compliant products and systems. Our team leads cybersecurity initiatives in regulatory groups and maintains active involvement in shaping security standards for next-generation medical technologies.
The Role
We're seeking an experienced Medical Device Security Consultant to conduct security assessments and provide regulatory compliance guidance for medical device manufacturers and healthcare technology companies. You'll work directly with clients to identify security vulnerabilities, develop threat models, perform penetration testing, and guide manufacturers through FDA cybersecurity requirements and international medical device security standards.
This role requires both deep technical security assessment skills and practical knowledge of medical device regulations. You'll translate complex security findings into actionable recommendations that align with FDA expectations, IEC standards, and manufacturer constraints.
Primary Responsibilities
Security Assessment & Testing
• Conduct threat modeling sessions for medical devices using frameworks aligned with FDA guidance and IEC 81001-5-1
• Perform penetration testing on medical device software, firmware, mobile applications, and network interfaces
• Execute security code reviews for embedded systems, mobile apps, and web-based medical device platforms
• Assess cryptographic implementations, authentication mechanisms, and secure communication protocols
• Identify vulnerabilities in device architectures, network designs, and third-party component integrations
• Document security findings with technical depth, exploitability analysis, and remediation guidance
Regulatory Compliance Advisory
• Guide manufacturers through FDA premarket cybersecurity documentation requirements
• Support clients in developing cybersecurity sections for 510(k) submissions, PMAs, and De Novo applications
• Advise on compliance with IEC 81001-5-1, IEC 62443-4-1, IEC 62443-4-2, and related standards
• Review and provide feedback on Software Bills of Materials (SBOMs), vulnerability management plans, and security architecture documentation
• Assist with cybersecurity-related responses to FDA questions and deficiency letters
• Support manufacturers in establishing processes for postmarket cybersecurity management
Client Engagement & Delivery
• Lead client engagements from initial scoping through final deliverable presentation
• Translate technical security findings into business risk language for executive stakeholders
• Develop tailored assessment methodologies based on device risk classification and architecture
• Provide strategic recommendations that balance security requirements with product timelines and constraints
• Maintain clear communication throughout the assessment lifecycle, managing expectations and timelines
• Support business development activities through technical expertise on proposals and scoping calls
Required Qualifications
Technical Expertise
• 5+ years conducting security assessments, penetration testing, or security architecture reviews
• Hands-on experience with medical device security assessments or IoT/embedded systems security
• Strong understanding of common vulnerability classes (OWASP Top 10, CWE Top 25, etc.) and exploitation techniques
• Experience with security testing tools and frameworks
• Familiarity with secure development practices, threat modeling methodologies, and defense-in-depth principles
Regulatory & Compliance Knowledge
• Working knowledge of FDA cybersecurity guidance for medical devices and premarket submission expectations
• Understanding of IEC 81001-5-1 security risk management processes or willingness to develop expertise quickly
• Familiarity with HIPAA security requirements as they apply to medical devices and connected health systems
• Experience translating regulatory requirements into practical security controls and documentation
Professional Capabilities
• Proven ability to manage client relationships and deliver projects independently
• Excellent written communication skills with experience producing technical security reports for diverse audiences
• Ability to explain complex security concepts to non-technical stakeholders including executives and regulatory teams
• Strong analytical skills for assessing risk, prioritizing findings, and developing pragmatic remediation roadmaps
• Self-directed work style with strong organizational skills for managing multiple concurrent projects
Preferred Qualifications
• Experience working directly with medical device manufacturers on premarket submissions or postmarket security programs
• Familiarity with additional medical device standards (ISO 13485, ISO 14971, IEC 62443 series)
• Knowledge of emerging medical technologies (neurotechnology, implantables, AI/ML-enabled devices)
• Experience with security testing methodologies specific to wireless protocols
• Understanding of supply chain security and third-party component risk management
• Professional certifications (GIAC, OSCP, CTPS, PNPT, CISSP) are valued but not required
What Success Looks Like
• Independently scoping, executing, and delivering high-quality security assessments that meet client needs and regulatory expectations
• Building trusted relationships with client engineering and regulatory teams through technical credibility and clear communication
• Producing comprehensive, actionable reports that help manufacturers address security gaps and satisfy FDA requirements
• Contributing strategic insights that help Nave Security refine service offerings and better serve the medical device community
• Managing time effectively across multiple projects while maintaining quality and meeting deadlines
Compensation & Logistics
• Contractor rate commensurate with experience and expertise
• Remote work arrangement with occasional travel to client sites or industry conferences
• Flexible scheduling with project-based workload (volume will vary based on client engagement pipeline)
• Opportunity to work on cutting-edge medical technologies and shape emerging security standards
How to Apply
Submit your resume along with a brief cover letter addressing:
• Your most relevant medical device or healthcare security experience
• An example of a security assessment you've led independently
• Your familiarity with FDA cybersecurity requirements or medical device regulations