Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.
We are looking for highly motivated, performance driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!
Position Overview
The Product Security Engineer is an experienced individual contributor who supports the design, implementation, and validation of product security controls across Insulet’s embedded, mobile, and cloud environments.
In this role, you will work under the guidance of senior product security architects and engineers to implement secure system designs, cryptographic mechanisms, device identity solutions, and PKI‑based trust models. You will collaborate closely with engineering, product, validation, regulatory, and compliance teams to integrate security requirements throughout the product lifecycle and support cybersecurity documentation aligned with FDA guidance for connected medical devices.
This role is well‑suited for an engineer who has strong hands‑on security experience and is looking to grow toward deeper architectural responsibility over time.
Key Responsibilities
Product Security Engineering
Contribute to the implementation of product security architectures that ensure confidentiality, integrity, and authenticity of communications and data flows.
Assist in the design, implementation, and review of secure communication protocols between embedded devices, mobile applications, and cloud services (e.g., mTLS, secure BLE, NFC).
Implement and support software‑ and hardware‑based security controls, including secure boot, software signing, device identity, hardware roots of trust, secure enclaves, and TEEs.
Participate in cryptographic and protocol reviews, focusing on correct implementation of key management, X.509 certificate validation, and mutual authentication mechanisms.
Apply established security standards and best practices (e.g., FIPS 140‑3, NIST SP 800‑57, PKCS#11) with guidance from senior team members.
Cross‑Functional Collaboration & Regulatory Support
Work with design, development, product, validation, regulatory, and compliance teams to help integrate security requirements into system design and verification activities.
Contribute to cybersecurity documentation for FDA and other regulatory submissions, ensuring technical accuracy and traceability under guidance.
Create and maintain security documentation, including design descriptions, threat models, and verification artifacts for assigned components or features.
Problem Solving & Technical Growth
Analyze product security issues and contribute to remediation plans using established tools, patterns, and frameworks.
Apply risk‑based thinking to identify potential security gaps and escalate concerns appropriately.
Participate in design reviews and technical discussions to build architectural judgment and product‑level security understanding.
Qualifications
Education
Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field
Master’s degree is a plus but not required
Experience
3–5 years of experience in product security, embedded security, applied cryptography, or related domains.
Experience contributing to secure communication mechanisms across embedded, mobile, or cloud environments.
Working knowledge of PKI concepts, X.509 certificates, and certificate lifecycle management.
Solid understanding of common cryptographic algorithms and protocols (e.g., AES, RSA, ECC, SHA‑2/3, TLS).
Experience or exposure to secure boot, software signing, and TEE / secure enclave technologies (e.g., ARM TrustZone, Apple Secure Enclave, Android Keystore).
Familiarity with cloud API security concepts (OAuth 2.0, JWT, TLS) and secure software update mechanisms.
Basic understanding of threat modeling, attack surfaces, and exploit techniques (e.g., STRIDE).
Experience working in or exposure to regulated or safety‑critical environments (FDA, medical devices, automotive, aerospace) is a plus.
Skills & Attributes
Strong analytical and problem‑solving skills with attention to detail.
Ability to collaborate effectively across engineering and non‑engineering teams.
Clear written and verbal communication skills.
Willingness to learn, take feedback, and grow technical depth.
Interest in developing long‑term expertise in product security engineering.