Staff Software Quality Engineer

Mission:

Our Software Quality Engineer will drive exceptional product quality, safety, security, design and reliability through the R&D/Software Development and Quality teams and into the product. This important technical position will have direct influence on software and system product quality for R&D/production builds and release to market. This individual will work closely with software development engineers to define software development life cycle process, ensure compliance to external standards and guide the team through design controls document deliverables. They will actively participate in review of software requirements, software risk analyses, software architecture designs, software build procedures and maintaining traceability in an agile SW development environment.

• Working knowledge of design controls, risk management/analysis, and to the listed external software standards applicable to complex medical device products.
• Working knowledge in one or more of the following software languages: C, C++, UNIX Shell Script, Python; preferred development experience under UNIX/Linux based environment.
• Familiar with a wide variety of SW static and dynamic analysis tools.
• Experience with software development tools, including requirements management systems, system/software architecture tools, software configuration/version control tools and bug-tracking database.
• Proficient in common safety risk analysis techniques: FMECA (Failure Mode, Effects and Criticality Analysis), FTA (Fault Tree Analysis), or related.
• Knowledge of Real-time Operating System, Network Infrastructure and Security, Robotic Controls and/or Embedded Software will be a plus.
• Knowledge of security risk analysis standards and techniques (including UL 2900 series, AAMI TIR 57, NIST Cybersecurity Framework, Threat Modeling, Penetration Testing, etc.) will be a plus.

• B.S. or higher preferred in Computer Science, Software Engineering or relevant engineering disciplines, or equal years of work experience, with 5+ years in a software quality related role in the medical device industry.

• General and Standards Compliance - Lead the compliance of design controls and risk management activities for new medical device software, by following the governing standards including: IEC 62304 (Medical Device Software -- Software Life Cycle Processes), ISO 14971 (Medical devices -- Application of risk management to medical devices), AAMI TIR 32 (Medical Device Software Risk Management), AAMI TIR 45 (Agile SW Development for Medical Devices), and FDA Guidance documents including General Principles of SW Validation, OTS/SOUP, and Cyber-security.
• Software Safety Risk Analysis - Lead the technical efforts of software risk management. Review product and software requirements, engineering designs and interface documentation. Initiate, coordinate and drive the completion of software risk analysis documents. Understand how software requirements relate to overall system requirements and risks. Understand common techniques, such as redundancy, segregation and monitoring, for mitigating software risks. Provide traceability back to the system/hazard/risk requirements.
• Static and Runtime Analysis - Review and interpret the results generated from static analysis, runtime analysis, and/or code review sessions. Feedback the code quality and security issues back to the risk analysis profile. Participate in software bug/defect analyses and reviews. Generate and maintain code quality and security metrics.
• OTS/SOUP Management - Assess both the safety risk and security risk for the OTS/SOUP used in the product software. Conduct OTS/SOUP analysis and generate BASIC DOCUMENTATION and/or SPECIAL DOCUMENTATION per FDA guidance. Compile the List of SOUP for third party libraries embedded in the medical device software products.
• Product Security Risk Analysis : Review System/Software Architecture and Design documents. Conduct security risk analysis such as Threat Modeling. Understand security related topics such as authentication, authorization, etc. Plan, deliver and manage cybersecurity plan, FDA cybersecurity related documents and security testing.

• This role does not have any physical demand requirements.

• In 3 months , lead the technical efforts in conducting the software risk analyses in depth for the software subsystems/domains in charge.
• In 12 months , become the subject matter expert and the owner of the software subsystems/domains in charge.
• A parallel route may expand into the technical leadership in general for one of the software quality engineering functions: software design controls and standards compliance, software risk management, static/dynamic code analysis and software quality metrics, OTS/SOUP analysis and monitoring, product security and/or cybersecurity .