Supira Medical, a clinical-stage Shifamed Portfolio Company, is developing a low-profile, high continuous flow percutaneous ventricular assist device (pVAD) to provide temporary mechanical circulatory support in high risk percutaneous coronary interventional (HRPCI) procedures as well as patients suffering from cardiogenic shock. To learn more about Supira Medical, please visit www.supiramedical.com.

DESCRIPTION

We are seeking an experienced Principal Software Engineer to lead the firmware development and cybersecurity engineering efforts for a Class III medical device. In this role, you will oversee embedded firmware architecture, direct security strategy (in partnership with third-party consultants), and drive excellence in software development planning and process.
You will collaborate closely with systems engineering, hardware, software, quality, regulatory, and clinical teams to deliver high-integrity, compliant, and secure solutions that meet both regulatory requirements and clinical needs. This is a full time on-site position and will require reporting to our offices located in Los Gatos, CA.

EDUCATION & WORK EXPERIENCE

• Bachelor’s or Master’s degree in Computer Science, Computer Engineering, or related discipline.
• 10+ years of combined software and firmware development experience in the medical device industry.
• Strong proficiency in C, C++, C#, real-time embedded systems, bare-metal programming, and low-level driver development (I²C, SPI, UART, ADC/DAC).
• Proven experience with formal software lifecycle processes, version control (e.g., Git), static analysis, and automated testing tools.
• Skilled in using oscilloscopes, logic analyzers, DVMs, and hardware debuggers.
• Demonstrated success in managing external cybersecurity vendors, including defining scopes of work and evaluating deliverables.
• Familiarity with IEC 62304, ISO 14971, FDA cybersecurity guidance, and SBOM/VEX practices.
• Strong understanding of microcontrollers, hardware interfaces, safety-critical systems, and secure design principles.
• Excellent communicator and proven leader who can mentor engineers and improve processes.
• Nice to Have: Motor control, cardiac device experience, STM32/TI-C2000, and prior regulatory submission exposure.
  Our salary ranges are calculated by role and level. Your position within that range will be determined by your job-related knowledge, skills, experience, relevant education, and training/certifications. In addition to those factors, we also examine internal equity as well as consider current market rate, and title may be assessed one level lower or higher accordingly. After you join the company your performance, contributions, and results along with business and organizational needs will affect your base salary. The base salary range for this full-time position is between $190,000 to $220,000 + equity + benefits.
  NOTICE TO CANDIDATES: Please be aware that Shifamed and its portfolio companies do not conduct interviews or extend offers through mobile web chat applications. Please report any such occurrences to hr@shifamed.com

• Lead the embedded firmware development lifecycle — from architecture and design through implementation, verification, and release — ensuring alignment with system and product-level requirements.
• Serve as the internal technical lead for cybersecurity, managing and overseeing the work of external security consulting firms. Review and evaluate third-party deliverables, including architecture reviews, threat models, penetration testing, and security summary reports.
• Integrate safety and security considerations into design decisions, balancing clinical requirements with robust threat mitigation strategies.
• Work closely with quality and engineering to drive adherence to software development processes compliant with IEC 62304, ISO 14971, FDA 21 CFR Part 820, and recognized cybersecurity standards. Recommend and implement SOP updates to advance best practices within the software organization.
• Establish and maintain development plans.
• Work with manufacturing engineering to develop, optimize, and simplify tooling and production processes.
• Support regulatory submissions and responses, including cybersecurity documentation and technical justifications.
• Coordinate with the Clinical group to prepare and maintain customer-facing security documentation, including the Manufacturer Disclosure Statement for Medical Device Security (MDS2).