Key Responsibilities 

Product & Platform Security Architecture

• Define cybersecurity architecture for scientific instruments, embedded systems, and connected applications across Android, Debian, Java/C++, and Eclipse RCP platforms.

• Design secure architectures for desktop analysis applications (Java-based, Swing, RCP, and modern web-stack front ends). 

• Architect secure cloud infrastructure and applications in AWS, aligning with AWS Well-Architected Framework and healthcare/clinical data protection requirements. 

• Establish threat models and security controls for interconnected lab ecosystems (support for lab of the future), including ingestion pipelines, assay workflows, and instrument-to-cloud communication. 

Regulatory & Standards Compliance (Dx + Global) 

• IVDR Annex I and MDCG cybersecurity expectations 
• NMPA cybersecurity and data protection requirements 

• EU Cyber Resilience Act (CRA) obligations 

• SBOM/Software Lifecycle requirements (FDA, CRA) 

• Support RUO, Clinical Laboratory, and LDT workflows with appropriate risk-based security controls. 

• Ensure alignment with global standards: ISO 14971, 13485, 27001/27002, 62304, 81001-5-1, UL 2900, and OWASP MAS/ASVS. 

Secure Software Development Lifecycle (SSDLC) 

• Define and maintain secure coding and review practices for Java, C++, Python, and front-end frameworks. 

• Lead integration of Static Application Security Testing, Software Composition Analysis, IaC scanning, container security, and SBOM generation into CI/CD pipelines.

• Guide engineering teams on secure-by-design patterns, secret management, secure comms, and secure data flows. 

Threat Modeling, Risk Assessment & Vulnerability Management 

• Own threat modeling (STRIDE, attack trees, misuse cases) for instrument firmware, embedded OS, desktop clients, and cloud services. 

• Define vulnerability management processes across on-premise and cloud deployments. 

• Ensure secure configuration baselines for Android and Debian-based instruments. 

• Partner with product security teams to evaluate zero-day impact, develop mitigations, and coordinate disclosures where required. 

Cloud, Connectivity & Data Protection 

• Architect secure connectivity between instruments, desktop clients, and cloud systems, including TLS, mutual authentication, key rotation, and certificate management. 

• Oversee data privacy and protection controls (PII, PHI, genomic and assay-derived data) in compliance with HIPAA, GDPR, and global equivalents. 

• Ensure secure API design, identity & access management, least privilege-based role models, and zero-trust principles in AWS. 

Cross-Functional Leadership 

• Collaborate with system architects, R&D teams, product owners, CIS, and regulatory/quality teams to ensure all products meet security and regulatory expectations. 

• Provide cybersecurity requirements into PRDs, system architecture, and risk files. 

• Serve as the technical lead during regulatory submissions and audits (FDA, EU Notified Bodies, NMPA). 

• Champion security culture through training, secure design reviews, and best-practice guidance.