About MedSec
MedSec is a global leader in medical device cybersecurity, helping medical device manufacturers and healthcare organizations navigate the evolving cybersecurity landscape with confidence. We specialize in threat modeling, penetration testing, security risk management, regulatory compliance, and product security throughout the medical device lifecycle.
Our team combines deep technical expertise with real-world industry experience to deliver innovative, practical, and cost-effective cybersecurity solutions that support patient safety and regulatory success. Nearly all of our advisors have worked within the medical device industry, bringing firsthand knowledge of the challenges organizations face in developing and maintaining secure, compliant products.
At MedSec, collaboration, continuous learning, and excellence are at the core of everything we do. We partner closely with our clients to solve complex cybersecurity challenges while helping shape the future of secure healthcare technology worldwide.
Role Overview
MedSec is seeking a Principal Security Consultant specializing in penetration testing of medical devices, hardware platforms, firmware, wireless technologies, and connected healthcare ecosystems. This is a highly technical, hands-on role focused on identifying exploitable vulnerabilities and helping clients improve the security of safety-critical products. Approximately 70–80% of time is spent performing technical testing and analysis, with the remainder dedicated to client communication, reporting, and engagement support.
Candidates with experience in other regulated or safety-critical industries, including automotive, aerospace, industrial control systems, IoT, and healthcare technologies, are encouraged to apply.
Key Responsibilities
- Perform penetration testing on embedded hardware systems, medical devices, and supporting technology ecosystems.
- Assess end-to-end cybersecurity risks across medical device hardware, firmware, embedded operating systems, mobile applications, cloud environments, and related systems.
- Reverse engineer and decompile firmware, analyze memory dumps, and identify exploitable weaknesses across different hardware and software architectures.
- Conduct PCB analysis and trace debugging interfaces such as JTAG, I2C, SPI, and UART.
- Review software and hardware architecture diagrams, threat models, design documents, and related technical materials.
- Evaluate modern operating systems and embedded deployments for security hardening opportunities.
- Analyze Bluetooth, RF, and other wireless protocols using appropriate testing tools, including software-defined radio platforms.
- Communicate clearly with clients before, during, and after engagements, including technical findings, risks, and recommended remediation steps.
- Produce detailed, high-quality client reports following time-boxed assessments and MedSec reporting standards.
- Collaborate with security consultants, project managers, sales, and leadership to deliver successful client engagements.
- Maintain current knowledge of security tooling, emerging technologies, and active cybersecurity threats affecting the medical device landscape.
Required Qualifications
- 5+ years of security consulting experience, including penetration testing and delivery of client-facing reports or deliverables.
- + years of hardware and embedded systems design experience OR significant hands-on experience performing hardware security testing, firmware analysis, reverse engineering, and embedded system assessments.
- Hands-on experience with physical hardware security techniques, including soldering, chip analysis, on-circuit debugging, firmware dumping, and tamper evidence analysis.
- Deep understanding of operating systems and embedded deployments, including technologies such as Yocto, Windows IoT, QNX, and Zephyr RTOS.
- Experience assessing hardened devices, including kiosk breakout techniques, privilege escalation, and access to underlying systems.
- Strong client communication and consulting skills, including the ability to build trusted relationships, manage engagement expectations, and present technical findings to both engineering teams and executive stakeholders.
- Technical background in wireless technologies such as Bluetooth, Sub-GHz protocols, and NFC.
- Understanding of secure encryption and signing concepts, including secure boot, secure engines, on-chip hardware key vaults, and manufacturing key flashing.
- Bachelor’s degree in computer science, computer engineering, electrical engineering, cybersecurity, or an equivalent field.
Travel Expectations
Travel is expected for select client engagements and may represent approximately 10–25% of annual work. Typical engagements range from 5–9 weeks in duration, and when extended onsite work is required, MedSec supports periodic return travel home during the engagement.
Core Technical Competencies
- Experience with threat modeling, including client interviews, documentation review, asset identification, protection analysis, threat agent analysis, and data flow review.
- Understanding of TPM, firmware validation, secure engines, encrypted firmware deployment, low-power chipsets, and debugging programmers.
- Experience reading, analyzing, and modifying code in one or more languages such as C/C++, Python, Java, C#, Objective-C, or similar technologies.
- Familiarity with hardware testing tools such as Flipper Zero, LimeSDR, BladeRF, HackRF, USRP, Ubertooth, Cynthion, or Proxmark.
- Familiarity with medical device regulatory bodies and cybersecurity review expectations.
Preferred Qualifications
- Experience assessing regulated products within medical device, healthcare, automotive, aerospace, industrial control, or other safety-critical environments is highly valued.
- Experience with cellular communications man-in-the-middle technologies using tools such as osmocom, srsRAN, YateBTS, or similar platforms.
- Knowledge of side-channel attacks, including voltage glitching and glitch detection technologies.
- Experience with non-hardware security testing such as web application testing, red teaming, or source code review.
- Public security disclosures, bug bounty acknowledgements, public speaking engagements, security presentations, or active public repositories are a plus.
What Makes This Role Unique
- Fully remote, flexible work environment
- Work on real-world, safety-critical systems that directly impact patient lives
- Engage deeply with both engineering teams and regulatory stakeholders
- Flexible engagement: contract (1099)
What Success Looks Like
- Lead complex medical device penetration testing engagements with minimal oversight.
- Identify meaningful vulnerabilities and clearly communicate risk and remediation guidance.
- Deliver high-quality reports that enable engineering teams to efficiently address findings.
- Serve as a trusted technical advisor throughout client engagements.
Success requires strong communication skills, the ability to engage effectively with both technical and business stakeholders, hands-on technical depth, and the ability to produce high-quality reports that meet MedSec's standards.
Who You Are
- You take pride in producing clear, high-quality work that others can act on
- You are a strong communicator who can lead conversations, not just participate in them
- You thrive in a remote, collaborative environment and proactively engage with teammates
- You value professionalism, accountability, and cultural alignment within a team
Compensation & Benefits
For contract (1099) engagements:
- Competitive hourly or project-based rates
- Flexible workload and scheduling
To apply, please send your resume to: recruiter@medsec.com
Work Location: Remote