Senior Engineer, Cybersecurity

 Bring more to life. 

Are you ready to accelerate your potential and make a real difference within life sciences, diagnostics and biotechnology?  

At Leica Biosystems, one of Danaher’s 15+ operating companies, our work saves lives—and we’re all united by a shared commitment to innovate for tangible impact.   

You’ll thrive in a culture of belonging where you and your unique viewpoint matter. And by harnessing Danaher’s system of continuous improvement, you help turn ideas into impact – innovating at the speed of life. 

At Leica Biosystems, we’re not just shaping the future of cancer diagnostics — we’re transforming lives. Our mission of “Advancing Cancer Diagnostics, Improving Lives” is the driving force behind everything we do. As a global leader with the most comprehensive portfolio spanning from biopsy to diagnosis, we empower clinicians with innovative, reliable solutions so they can give patients timely, accurate answers when they need them most. When you join Leica Biosystems, you’re not just taking a job; you’re becoming part of a passionate team that knows every moment matters when it comes to cancer. You’ll help develop diagnostic solutions that turn anxiety into answers, and aid the acceleration of next-generation, life-changing therapies. Surrounded by a diverse and collaborative global community, you’ll be inspired each day to stretch, grow, and make an impact. 

Learn about the Danaher Business System which makes everything possible. 

The Senior Engineer, Cybersecurity is responsible for implementing and guiding cybersecurity best practices within the software engineering group to secure Leica Biosystems medical device product portfolio. This role also assures alignment with industry standards, customer expectations and regulatory requirements, while providing expert guidance and support to software engineering teams on cybersecurity analysis and review.  

This position reports to the Manager, Software Engineering and is part of the DevSecOps team. The role is based on-site in Mt Waverley, Victoria.  

In this role, you will have the opportunity to: 

• Implement and automate security hardening for Windows and Linux product environments — apply industry benchmarks (e.g. CIS benchmarks, STIGs) using configuration‑as‑code to reduce attack surface and ensure secure, repeatable baseline configurations across the product lifecycle. 

• Embed product security into the Secure Development Lifecycle using DevSecOps practices — integrate automated security controls and testing (e.g. SAST, DAST) into CI pipelines, and enable software engineering teams to implement secure‑by‑design patterns consistently. 

• Lead security architecture, threat modelling, and risk‑based design reviews with traceability — perform threat modelling, security reviews, and security risk assessments; define objective, testable security requirements and maintain traceability from threats and risks through mitigations and verification evidence. 

• Drive vulnerability management across pre‑market and post‑market — perform vulnerability scanning and detection activities (e.g. Nessus, SAST, DAST), support triage and remediation with engineering teams, and maintain post‑market vulnerability monitoring and patch planning. 

• Assess and demonstrate product security compliance — evaluate product compliance against regulatory requirements, industry standards, and customer security questionnaires, coordinate penetration testing and security assessments, and support preparation of security evidence in collaboration with regulatory stakeholders. 

The essential requirements of the job include: 

• Bachelor or Master’s degree in Computing, Cybersecurity or a related discipline. 

• 6+ years of experience in cybersecurity, including demonstrated expertise in supporting secure implementation within products. 

• Experience with programming and scripting languages such as C#, Python, PowerShell, or Ansible. 

• Strong understanding of securing both Windows and Linux operating systems, including system hardening tools such as PowerSTIG, CIS-CAT Pro, Intune, WDAC, or AppGuard.  

• Experience assessing vulnerabilities and using vulnerability scanning tools (e.g. Nexpose, Nessus, SAST, DAST). 

It would be a plus if you also possess previous experience in: 

• Cybersecurity certification or qualification (e.g. CISSP or CSSLP).

• Cybersecurity risk assessment and reporting, especially AAMI TIR 57 - Principles of medical device security – risk management. 

• Medical device cybersecurity, especially US FDA cybersecurity guidance with working knowledge of IEC 81001-5-1 lifecycle requirements for secure development, maintenance, and risk management of health software.