Security Architect, California

Bravens Inc., a wholly owned subsidiary of Ampcus Inc., is an information technology consulting and services company. Bravens is a leader in providing tailored staffing solutions across both IT and non-IT industries. We are in search of a highly motivated candidate to join our talented team and contribute to our ongoing success.

Job Title: Security Architect

Location(s): Hercules, CA

Key Responsibilities:

Develop and maintain comprehensive architecture and artifacts for multiple device platforms with the help of respective platform R&D team:

Global System View: High-level design illustrating interconnected systems and data flows.

Multi-Patient Harm View: Analyze and mitigate potential security threats leading to risks for multiple patients.

Updateability/Patchability View: Ensure systems support secure and timely updates/patches to address vulnerabilities.

Security Use Case View: Define security requirements and controls based on specific use cases and threat models.

Collaborate with cross-functional teams (Product, DevOps, IT, Regulatory) to integrate security into the product lifecycle.

2. Product Security Incident Response Team (PSIRT)

Lead the PSIRT process for R&D alongside PSIRT lead for IT, ensuring swift response and mitigation of product vulnerabilities.

Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.

Work with engineering teams to implement fixes and ensure long-term improvements.

3. Risk Assessment & Compliance

Perform risk analyses to evaluate security threats, especially those with potential impacts on patient safety.

Ensure compliance with FDA cybersecurity guidelines, including premarket and postmarket regulatory expectations.

Collaborate with Quality and Regulatory teams to provide security input for FDA submissions and audits.

4. System Updateability & Patchability

Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.

Establish automated processes for vulnerability scanning and remediation.

5. Collaboration & Stakeholder Communication

Provide technical leadership and mentoring to engineering and operations teams on secure design principles.

Communicate security risks, incidents, and mitigations to senior leadership and external regulators.

Qualifications:

Bachelor’s degree in Computer Science, Information Security, or a related field.

7+ years of experience in cybersecurity, including architecture design in a regulated environment (preferably FDA, healthcare, or medical devices).

Proven experience leading PSIRT processes, vulnerability management, and incident response.

Expertise in developing security architecture views and artifacts for complex systems.

Strong understanding of FDA cybersecurity requirements, standards (e.g., IEC 81001, NIST, OWASP, IMDRF etc.).

Experience with risk analysis methodologies focused on patient safety and multi-patient harm scenarios.

Knowledge of updateability/patchability frameworks and secure development lifecycle (SDLC).

Preferred:

Master’s degree in a technical field.

Certifications: CISSP, CSSLP, CISM, or equivalent.

Experience with cloud-based systems, IoT security, or medical device security.

Key Competencies:

Strong analytical and problem-solving skills with a focus on patient safety.

Ability to create detailed technical artifacts and communicate them effectively to both technical and non-technical stakeholders.

Leadership and project management skills in cross-functional, collaborative environments.

Excellent written and verbal communication skills

What the candidate brings?

Bachelor’s degree in Computer Science, Information Security, or a related field.

7+ years of experience in cybersecurity, including architecture design in a regulated environment (preferably FDA, healthcare, or medical devices).

Proven experience leading PSIRT processes, vulnerability management, and incident response.

Expertise in developing security architecture views and artifacts for complex systems.

Strong understanding of FDA cybersecurity requirements, standards (e.g., IEC 81001, NIST, OWASP, IMDRF etc.).

Experience with risk analysis methodologies focused on patient safety and multi-patient harm scenarios.

Knowledge of updateability/patchability frameworks and secure development lifecycle (SDLC).

Bravens is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.