Device Modeling Engineer Jobs in Texas (NOW HIRING)

Position Summary:

Spectral AI, Inc. (Spectral) is seeking a Cybersecurity Engineer to join our growing design and development team. The position is based in Dallas, Texas, with hybrid work flexibility in accordance with the Spectral Employee Handbook guidelines. The Cyber Security Engineer will support the design, development, and maintenance of secure medical device software systems, ensuring that cybersecurity controls are resilient and compliant with FDA regulations, international standards (e.g.. ANSI/AAMI SW 96:2003, IEC 62304, IEC 81001, ISO 14971, ISO 27001), and organizational security policies. The engineer will collaborate closely with Software Engineering, Hardware Engineering, Quality Assurance, Regulatory Affairs, Biomedical Engineering, Data Science, Systems Engineering, and IT internal teams to embed cybersecurity into design controls, risk management, regulatory submissions, and post-market surveillance activities.

Essential Duties and Responsibilities:

Product Cybersecurity

• Institute Security-by-Design practices throughout the entire lifecycle of the Spectral device software, AI models, firmware, and hardware.

• Develop and maintain cybersecurity standard operating procedures (SOPs) and work instructions that support compliance with regulatory and security requirements in all target markets for Spectral products.
• Support design reviews by providing security input and ensuring cybersecurity is integrated into design controls.

Cybersecurity Risk Management

• Perform cybersecurity risk assessments for medical device systems using structured methodologies (Threat Modeling, STRIDE, DREAD, Attack Trees, SBOM analysis).
• Execute and document risk evaluation aligned with AAMI TIR57, AAMI TIR97, FDA Premarket Cybersecurity Guidance, and ISO 14971.
• Participate actively in Coordinated Vulnerability Disclosure (CVD) processes, working with internal team and vendors to ensure vulnerabilities are responsibly reported, remediated, and communicated in alignment with industry best practices.
• Maintain and periodically update cybersecurity documentation and supporting artifacts, including:
  • Security risk assessment
  • Security risk management reports
  • Threat models
  • Cybersecurity requirements, testing, and traceability matrices in alignment with FDA guidance and IEC 81001

Secure Software Development (IEC 81001 and IEC 62304)

• Collaborate with software engineers to implement secure coding practices and structured code review processes.
• Ensure correct implementation of security requirements, encryption standards, authentication and authorization controls, and security-relevant logging.
• Evaluate SOUP/OTS components for vulnerabilities, maintenance status, and compliance with FDA software bill of material (SBOM) requirements.
• Support the creation and ongoing maintenance of SBOM (e.g. CycloneDX, SPDX) using automated tools such as HELM and Dependency-Check.

Vulnerability and Patch Management

• Perform vulnerability scanning across firmware, software, cloud services, Linux-based, and Windows-based cart devices.
• Triage and validate Common Vulnerabilities and Exposures (CVEs) relevant to device components, run-time environments, and third-party libraries.
• Prepare vulnerability mitigation plans and support development teams during remediation.
• Support integration of security controls across local, handheld, and cloud-connected medical devices.

Penetration Testing and Verification Support

• Prepare documentation, architecture diagrams, and accounts for test execution.
• Track findings, analyze root causes, and support remediation verification.

Incident Response and Monitoring

• Assist in establishing cybersecurity monitoring processes for fielded devices and cloud environments.
• Investigate security anomalies and incidents, perform log analysis, and support corrective/preventive actions (CAPA).

Qualifications:

Required education and experience:

• Bachelor’s degree or above in Computer Science, Cybersecurity, Electrical/Computer Engineering, or a related field.
• 3–5 years of proven experience in cybersecurity engineering, ideally within medical devices, healthcare technology, regulated software, or other safety-critical systems.
• Demonstrated proficiency in technical writing, ensuring accurate, comprehensive, and well‑structured documentation for software cybersecurity.

Knowledge, Skills and Abilities:

• FDA Premarket Cybersecurity Guidance
• IEC 62304 Software Lifecycle
• AAMI TIR57 / TIR97
• OWASP Top 10, CWE, and secure coding principles
• Familiarity with Transport Layer Security (TLS), certificate management, encryption protocols (e.g. AES, RSA), and authentication/authorization models.
• Understanding of cybersecurity vulnerabilities and FDA reporting requirements
• Understanding of Windows and Linux OS hardening, cloud security (AWS/Azure), and secure configuration.

Preferred Qualifications

• Experience supporting FDA medical device submissions with cybersecurity documentation.
• Hands-on experience with medical cart or handheld device security (Windows, Linux, embedded OS).
• Experience with cloud-connected medical systems (AWS IoT, secure APIs, VPN connections).
• Certifications such as Security+, CySA+, CISSP, GSEC, CEH, or industry equivalent.

Soft Skills

• Excellent written and verbal communication skills in English.
• Detail-oriented, strong analytical and problem-solving skills.
• Ability to prepare quality cybersecurity documentation suitable for regulatory review.
• Ability to collaborate across functional teams such as engineering, QA/RA, hardware, and clinical teams.
• Comfortable managing multiple concurrent security tasks.

Physical Requirements:

• Prolonged periods of sitting at a desk and working on a computer.

Travel:

Occasional support during off-hours for security events or release deadlines

Equal Employment Opportunity:

Spectral AI, Inc. is an equal opportunity and affirmative action employer. All applicants will be considered for employment without regard to race, color, ancestry, national origin, sex, gender, sexual orientation, marital status, religion, age, disability, gender identity, results of genetic testing, protected veteran status, or any other characteristic protected by applicable federal, state, or local laws.