Cybersecurity and Data Protection Software Quality Engineer

  • 400 Summer Street, Boston, Massachusetts, United States
  • Full Time
About the Job

At Foundation Medicine, we value our cybersecurity team as the first — and last — line of defense in protecting our sensitive data from cyberattack. The Software Quality Engineer is an experienced and vigilant Software Quality Professional responsible for ensuring that FMI software-enabled medical devices, and software supporting the FMI quality system are compliant with the cybersecurity expectations of our patients, physicians, partners and regulators, prevents breaches of all sizes, understands when they occur, and takes immediate steps to remediate them. In this role, the Software Quality Engineer is the bridge between FMI Product Owners, Software Owners, Software Engineering, Information Technology, Data Privacy and Regulatory Affairs, ensuring "security by design" and data protection are embedded into the FMI Quality Management System (QMS). 

The role will lead efforts to implement a Secure Product Development Framework (SPDF) and prepare documentation to support premarket submissions (De Novo, PMA, 510(k)). This individual has an understanding of cybersecurity standards and certifications in regulated healthcare, extensive knowledge of how cybercriminals work, and determination to never allow them access.

Key Responsibilities

  • Regulatory Alignment & QMS Management: Provide guidance on QMS procedures to align with identified cybersecurity protection requirements, specifically integrating SPDF, threat modeling, and SBOM management into existing FMI Design Controls.
  • Premarket Submission Support: Review and approve comprehensive cybersecurity documentation for regulatory compliance, including Security Risk Management Reports, Threat Models, and Security Architecture views.
  • Software Bill of Materials (SBOM) Management: Ensure the development and maintenance of compliant, machine-readable SBOM (e.g., SPDX or CycloneDX) for all software components, tracking vulnerabilities (CVEs) and managing supplier risks.
  • Risk Assessment & Verification/Validation Oversight: Collaborate with Product Owners, System Owners, Information Security and Data Privacy to conduct cybersecurity risk assessments. Review and approve Cybersecurity and Data Protection requirements and verification results (vulnerability analysis, penetration testing) to ensure compliance with pre-determined acceptance criteria. 
  • Post-market Surveillance & Patching: Support the development and implementation of a comprehensive post-market, software system cybersecurity vulnerability monitoring plan. Review and approve SOPs for timely patching and updating of fielded devices.
  • Cross-Functional Collaboration: Act as the subject matter expert (SME) advising FMI stakeholders on cybersecurity and data protection in medical device regulations, guidances, conformity and reference standards, and best practices during the entire Software Development Lifecycle (SDLC).
  • Audit Preparation: Support internal and external audits (FDA, Notified Bodies) regarding software validation and cybersecurity compliance. 
  • Supplier Management: Collaborate with Product Owners, System Owners, Information Security and Data Privacy in the identification, selection and onboarding and management of suppliers to ensure that suppliers are capable of meeting the cybersecurity and data protection requirements of FMI. 
  • Quality Management System: Maintain documentation of security guidelines, procedures, standards, and controls. 

Qualifications:

Basic Qualifications:

  • Bachelor’s degree (or equivalent) in information systems, information technology, or related field 
  • 2+ years of experience in software quality assurance or cybersecurity at a midsize or large company in the healthcare or other regulated space.
  • Deep knowledge of IT, including hardware, software, and networks 
  • Direct experience with regulatory or notified body cybersecurity submissions. 
  • Experience with ISO 13485, IEC 62304 (Medical Device Software Lifecycle), and ISO 14971 (Risk Management). 

Preferred Qualifications:

  • Meticulous eye for detail and an ability to multitask in a fast-paced environment 
  • Strong abilities in critical thinking, problem-solving, logic, and forensics 
  • Excellent verbal and written communication skills 
  • Ability to work successfully in both individual and team settings 
  • Ability to think like a hacker in order to stay ahead of threats 
  • Understanding of HIPAA and importance of patient safety and data privacy regulations and guidelines 
  • Commitment to reflect FMI’s values: Integrity, Courage, and Passion 

The expected salary range for this position based on the primary location of Boston, MA is $93,500 – $116,500 per year. The salary range is commensurate with Foundation Medicine’s compensation practice and considers factors including, but not limited to, education, training, experience, external market conditions, criticality of role, and internal equity. A discretionary annual bonus may be available based on individual and Company performance. This position also qualifies for Foundation Medicine’s benefits.

About Foundation Medicine

We are a global, patient-focused precision medicine company delivering high-quality, transformative diagnostic solutions in cancer and other diseases. 

Confidence, or the belief that we need to check every box before applying for a job, can sometimes hold us back from going after a role that inspires us. At Foundation Medicine there's no such thing as the 'perfect' applicant, and our company is a place where every employee can make an impact and continue to grow whatever background they may have or path they may have taken. So, as long as you meet the basic qualifications for a role, please apply if you see a position that would make you excited to come into Foundation Medicine every day and help us transform precision medicine.

We are aware of fraudulent activities where individuals pose as Foundation Medicine representatives. Learn more here.

Foundation Medicine is proud to be an equal opportunity employer and maintains affirmative action programs for individuals with disabilities and protected veterans. It is our policy and practice to employ, promote, and otherwise treat any and all employees and applicants on the basis of merit, qualifications, and competence. The company's policy prohibits unlawful discrimination, including but not limited to, discrimination on the basis of Protected Veteran status and individuals with disabilities status, consistent with all federal, state, or local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also FMI's EEO Statement and EEO is the Law and Supplement. If you have a disability or special need that requires accommodation, please let us know by completing this form.

To all recruitment agencies: Foundation Medicine does not accept agency resumes. Please do not forward resumes to our jobs alias, Foundation Medicine employees or any other organization location. Foundation Medicine is not responsible for any fees related to unsolicited resumes.