Senior Cybersecurity Engineer (Hybrid or Remote) at Q Bio

Redwood City, California, United States

Apply Now

$170,000 – $200,000Compensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Healthcare, Medical DevicesIndustries

Requirements

Expertise in Secure Software Development Lifecycle (SDLC) integration for FDA-regulated medical devices
Experience leading threat modeling and security risk analysis (per ISO 14971)
Knowledge of FDA 510(k) submissions, IEC 62304, and medical device security standards
Ability to author, review, and own cybersecurity documentation for regulatory submissions
Skills in vulnerability management, penetration testing, and remediation planning
Experience developing incident response plans and vulnerability disclosure policies
Proficiency in compliance frameworks like SOC 2, HIPAA, NIST CSF
Background in security architecture reviews and risk assessments for IT and cloud infrastructure (AWS/GCP/Azure)
Expertise in vendor/third-party risk management programs
Knowledge of Identity & Access Management (IAM) and principle of least privilege

Responsibilities

Integrate security best practices and tools into every phase of the product development lifecycle (SDLC)
Lead and perform threat modeling and security risk analysis for medical device software
Author, review, and own cybersecurity documentation for FDA 510(k) and post-market plans; ensure alignment with FDA guidance and standards
Serve as primary cybersecurity SME for regulatory interactions, FDA submissions, and audits
Partner with teams to define and document security requirements, controls, and architecture
Manage and coordinate third-party penetration testing, internal vulnerability assessments, and remediation plans
Develop, implement, and maintain incident response plans for product security events
Continuously assess security posture, perform gap analyses against standards (SOC 2, HIPAA, NIST CSF), and own strategic roadmap
Lead SOC 2 certification and HIPAA compliance initiatives; develop and manage security controls and policies
Develop, implement, and enforce company-wide information security policies, procedures, and standards
Conduct security reviews and risk assessments of corporate IT and cloud infrastructure; implement security controls
Establish and manage vendor/third-party risk assessment and monitoring program
Oversee and improve IAM policies and solutions

Skills

SDLC

Threat Modeling

ISO 14971

FDA 510(k)

IEC 62304

Regulatory Compliance

Medical Device Security

Risk Analysis

Security Architecture

Q Bio

Offers preventive health assessments and monitoring

About Q Bio

Q.bio specializes in preventive medicine by detecting early signs of disease before symptoms occur, which allows for timely interventions. Their main product, the Q Exam, collects health data from various sources and stores it in a personalized BioVault, accessible through a telemedicine-friendly Q Dashboard. Unlike competitors, Q.bio offers a comprehensive health assessment and a subscription model for continuous monitoring, empowering clients to manage their health proactively. The company's goal is to transform healthcare by providing detailed insights that facilitate early disease detection.

San Carlos, CaliforniaHeadquarters

2015Year Founded

$65.2MTotal Funding

LATE_VCCompany Stage

HealthcareIndustries

11-50Employees