Senior Product Cybersecurity Engineer II

Why join Freenome?

Freenome is a high-growth biotech company developing tests to detect cancer using a standard blood draw. To do this, Freenome uses a multiomics platform that combines tumor and non-tumor signals with machine learning to find cancer in its earliest, most-treatable stages.

Cancer is relentless. This is why Freenome is building the clinical, economic, and operational evidence to drive cancer screening and save lives. Our first screening test is for colorectal cancer (CRC) and advanced adenomas, and it’s just the beginning.

Founded in 2014, Freenome has ~400 employees and continues to grow to match the scope of our ambitions to provide access to better screening and earlier cancer detection.

At Freenome, we aim to impact patients by empowering everyone to prevent, detect, and treat their disease. This, together with our high-performing culture of respect and cross-collaboration, is what motivates us to make every day count.

Become a Freenomer

Do you have what it takes to be a Freenomer? A “Freenomer” is a determined, mission-driven, results-oriented employee fueled by the opportunity to change the landscape of cancer and make a positive impact on patients’ lives. Freenomers bring their diverse experience, expertise, and personal perspective to solve problems and push to achieve what’s possible, one breakthrough at a time.

About this opportunity:

At Freenome, we are seeking a Senior Product Cybersecurity Engineer II to help grow the Freenome Engineering team. The ideal candidate is experienced in product cybersecurity for medical devices or in-vitro diagnostics (IVD). This person is responsible for all things related to leading the design and implementation of cybersecurity measures for medical device software, hardware, and/or digital solutions. This role involves working closely with product development teams, product management, corporate InfoSec, regulatory, quality and compliance teams to ensure that all products meet the highest standards of cybersecurity and privacy in line with regulatory and customer requirements. You are passionate about maturing product cybersecurity architecture within the medical device or IVD sector, and you will have a significant impact on the continued growth of an organization dedicated to changing the entire landscape of cancer.

This role reports to the Director, Software Engineering. This role will be a Remote role, based in the US.

What you’ll do:

• Develop and maintain security architecture for medical device products, ensuring that cybersecurity is integrated into the product lifecycle from design through deployment and updates
• Conduct threat modeling, risk assessments and vulnerability analysis to identify potential cybersecurity threats for medical devices. Develop and implement strategies to mitigate the cybersecurity risks
• Identify and drive implementation of security standards, protocols, encryption, authentication mechanisms and other implementations to ensure confidentiality, integrity and availability of medical devices in collaboration with the software engineers
• Drive the cybersecurity testing activities for medical devices in collaboration with internal and external partners
• Ensure that all medical device products comply with relevant national regulations and standards, such as HIPAA and FDA guidelines for medical devices
• Work with product management, engineering, IT, InfoSec, and external stakeholders to define cybersecurity requirements and ensure that products meet these requirements
• Stay abreast of the latest cybersecurity trends, threats, and technologies in the medical device sector. Recommend innovative security tools and technologies to enhance product cybersecurity
• Provide coaching and mentorship to others in product cybersecurity topics and activities

Must haves:

• Bachelor of Science in Computer Science, Cybersecurity, Engineering, or related field or equivalent training, fellowship, and/or work experience
• 6+ years of related work experience within medical device or IVD sector
• Experience in product cybersecurity, particularly in the design and implementation of cybersecurity solutions for medical devices or related healthcare technology
• Deep understanding of healthcare regulations and standards affecting medical device cybersecurity
• Proficiency in security architectures, encryption technologies, identity and access, and network security
• Experience with risk management methodologies and security assessment tools
• Excellent communication and interpersonal skills, with the ability to explain complex cybersecurity concepts to non-technical stakeholders

Nice to haves:

• Familiarity with the following industry frameworks & regulatory standards: HIPAA, HITECH, HITRUST, NIST Cybersecurity Framework, SOC 2
• Relevant professional certifications (e.g., CISSP, CISM, CISA, CRISC) are highly desirable

Benefits and additional information:

The US target range of our base salary for new hires is $161,925 - $247,000. You will also be eligible to receive pre-IPO equity, cash bonuses, and a full range of medical, financial, and other benefits depending on the position offered. Please note that individual total compensation for this position will be determined at the Company’s sole discretion and may vary based on several factors, including but not limited to, location, skill level, years and depth of relevant experience, and education. We invite you to check out our career page @ freenome.com/job-openings/ for additional company information.

Freenome is proud to be an equal-opportunity employer, and we value diversity. Freenome does not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

*Applicants have rights under Federal Employment Laws. *

• Family & Medical Leave Act (FMLA)
• Equal Employment Opportunity (EEO)
• Employee Polygraph Protection Act (EPPA)

#LI- Remote