All deliverables performed for a Class IIb medical device manufacturer (name withheld due to NDA).
QMS • SOP Design • Requirements Traceability • MDR Class IIb
Designed and owned core software lifecycle SOPs to establish an audit-ready QMS aligned with MDR Class IIb requirements, covering requirements, risk, test, SOUP, and vulnerability management.
MDR Documentation • Audit Preparation • Internal & External Audits
Established and maintained MDR-relevant technical documentation and led internal audit cycles in preparation for notified body assessments, contributing to successful MDR Class IIb certification (April 2025).
Threat Modeling • Penetration Testing • Secure Architecture
Owned the cybersecurity risk assessment process, including threat modeling and penetration testing, and translated findings into concrete risk-minimizing architectural decisions across multiple application components.
Secure SDLC • CI/CD • Coding Guidelines • Automation
Defined and enforced secure SDLC conventions, including coding guidelines and CI/CD practices, to ensure consistency, reviewability, and MDR alignment across internal and external development teams.
Test Management • QA Processes • Traceability
Established a structured test management and QA traceability system, enabling full test coverage and auditable linkage between requirements, risks, tests, and releases.
Technical Leadership • Cross-Team Coordination • External Vendors
Acted as technical lead for MDR-relevant development and QA activities, coordinating internal contributors and external vendors, including penetration testing partners, under regulatory and audit constraints.