Senior Engineer, Product Security

Many structural heart patients suffer from heart failure with limited options. Our Implantable Heart Failure Management (IHFM) team is at the forefront of addressing these unmet patient needs through pioneering technology that enables early, targeted therapeutic intervention. Our innovative solutions are not just transforming patient care but also creating a unique and exciting environment for our team members. It's our driving force to help patients live longer and healthier lives. Join us and be part of our inspiring journey.

How you'll make an impact

• Help secure a connected medical technology ecosystem spanning cloud platforms, web applications, mobile applications, APIs, data platforms, embedded/sensor-adjacent systems, and AI/ML-enabled capabilities.

• Partner with software engineering, platform architecture, data engineering, DevSecOps, quality, regulatory, and enterprise security teams to embed security into the product development lifecycle.

• Perform security architecture reviews, threat modeling, design reviews, and risk assessments for new product features, platform services, integrations, and data workflows.

• Drive secure-by-design practices across application, cloud, data, and device-connected product development.

• Support implementation and continuous improvement of secure SDLC practices, including SAST, DAST, SCA, secrets detection, container/image scanning, infrastructure-as-code scanning, and vulnerability management.

• Help define and maintain product security requirements, standards, procedures, and evidence needed for regulated software development and compliance activities.

• Partner with engineering teams to triage vulnerabilities, prioritize remediation, assess residual risk, and ensure timely closure of security findings.

• Support penetration testing, third-party assessments, cybersecurity documentation, and product security evidence for regulatory submissions, audits, and customer security inquiries.

• Help mature product security capabilities across cloud security, application security, API security, mobile security, data security, identity/access management, and secure deployment practices.

• Serve as a hands-on security partner to engineering teams, helping translate security requirements into practical technical solutions without slowing product innovation.

What you'll need (Required):

• Bachelor's degree in engineering or technical field plus 4 years of previous related experience criteria -or- Master's degree in engineering or technical field plus 2 years of previous related experience or equivalent work experience based on Edwards criteria

• Experience in product security, application security, cloud security, software security engineering, or secure software development.

• Strong understanding of secure software development lifecycle practices and how to apply them in modern product engineering environments.

• Experience securing cloud-based applications and services, preferably in AWS, Azure, or GCP.

What else we look for (Preferred):

• Hands-on experience with threat modeling, security architecture reviews, vulnerability management, and security risk assessments.

• Familiarity with modern application architectures, including APIs, microservices, containers, CI/CD pipelines, infrastructure-as-code, and cloud-native services.

Working knowledge of common application security risks and frameworks, such as OWASP Top 10, API Security Top 10, CWE, CVSS, and secure coding practices.

• Experience with security testing tools and practices, including SAST, DAST, SCA, secrets scanning, dependency scanning, and penetration testing coordination.

Ability to partner effectively with software engineers, product managers, architects, DevSecOps, QA, regulatory, and compliance teams.

• Strong written and verbal communication skills, with the ability to explain technical security concepts to both technical and non-technical stakeholders.

• Ability to balance security risk, product delivery, usability, regulatory expectations, and business priorities in a pragmatic way.

• Experience in regulated industries such as medical devices, digital health, healthcare technology, life sciences, financial services, or aerospace.

• Familiarity with medical device cybersecurity expectations, FDA cybersecurity guidance, IEC 62304, ISO 14971, UL 2900, SOC 2, HITRUST, or similar frameworks.

• Experience supporting cybersecurity documentation for regulatory submissions, audits, customer questionnaires, or third-party security reviews.

• Experience with mobile application security for iOS and Android platforms.

• Experience with data platform security, data governance, privacy-by-design, or AI/ML security considerations.

• Familiarity with identity and access management, authentication/authorization patterns, SSO, OAuth, OIDC, RBAC, and least-privilege access models.

• Experience with container security, Kubernetes security, CI/CD security, and DevSecOps automation.

• Experience working with vulnerability disclosure, incident response, security monitoring, or product security operations.

• Security certifications such as CISSP, CSSLP, GWAPT, GWEB, GCLD, AWS Security Specialty, or equivalent practical experience.

• Ability to operate in ambiguous environments, build scalable processes, and influence engineering teams through partnership rather than control.

• Passion for building secure, reliable, and trusted products that improve patient outcomes and clinician experiences.

Aligning our overall business objectives with performance, we offer competitive salaries, performance-based incentives, and a wide variety of benefits programs to address the diverse individual needs of our employees and their families.

For California, the base pay range for this position is $108,000 to $153,000 (highly experienced).

The pay for the successful candidate will depend on various factors (e.g., qualifications, education, prior experience). Applications will be accepted while this position is posted on our Careers website.

Edwards is an Equal Opportunity/Affirmative Action employer including protected Veterans and individuals with disabilities.

COVID Vaccination Requirement

Edwards is committed to protecting our vulnerable patients and the healthcare providers who are treating them. As such, all patient-facing and in-hospital positions require COVID-19 vaccination. If hired into a covered role, as a condition of employment, you will be required to submit proof that you have been vaccinated for COVID-19, unless you request and are granted a medical or religious accommodation for exemption from the vaccination requirement. This vaccination requirement does not apply in locations where it is prohibited by law to impose vaccination.