Cyber Security Engineer

Cyber Security Engineer

You will be responsible for implementing security controls, conducting threat modeling and penetration testing, supporting compliance audits, and driving continuous improvement in our security posture.

Key Responsibilities

1. Security Control Implementation

• Design, implement, and monitor security controls within the SaaMD development lifecycle.
• Ensure alignment with ISO/IEC 27001, 27002, and ISO 13485 standards.
• Collaborate with development teams to integrate security practices across the SDLC.
• Advise on secure coding, vulnerability management, and DevSecOps principles.
• Maintain a risk-based security approach, identifying threats and vulnerabilities early.

2. Compliance & Audit Support

• Provide documentation and evidence for internal/external audits (ISO/IEC 27001, 27002).
• Work closely with Quality and Regulatory teams to ensure ISO 13485 compliance.
• Create and maintain policies, procedures, and documentation for audit readiness.
• Manage change documentation processes to support audit traceability.

3. Threat Modeling & Penetration Testing

• Build and refine threat models using tools such as

  LucidChart

  .
• Perform penetration testing and security assessments using tools like

  BurpSuite

  ,

  nmap

  ,

  Wireshark

  , and

  Deptrack

  .
• Conduct both static and dynamic code analysis to uncover vulnerabilities.

4. Vulnerability Management

• Conduct vulnerability assessments with tools such as

  Grype

  ,

  Dockle

  , and

  Trivy

  .
• Collaborate with development teams to triage and resolve issues.
• Track vulnerabilities through identification to remediation.
• Establish a robust vulnerability management process with defined KPIs.

5. Reporting & Communication

• Create comprehensive security and penetration test reports with clear remediation steps.
• Effectively communicate risks and collaborate with cross-functional teams.
• Provide management with periodic updates on security posture, vulnerability status, and remediation progress.

6. Security Awareness & Training

• Assist in the development and delivery of security training for engineering teams.
• Foster a strong security culture by promoting best practices and awareness.

Qualifications

• Bachelors degree in Computer Science, Information Security, or a related field (or equivalent experience).
• 3+ years of experience in cybersecurity engineering, ideally in the medical device or healthcare domain.
• Deep knowledge of

  ISO/IEC 27001

  ,

  ISO/IEC 27002

  , and

  ISO 13485

  standards.
• Hands-on experience with threat modeling and pen-testing tools (e.g., BurpSuite, nmap, Wireshark, LucidChart).
• Experience with vulnerability scanning tools like

  Grype

  ,

  Dockle

  ,

  Trivy

  , and

  Deptrack

  .
• Strong grasp of secure coding, secure software development practices, and DevSecOps.
• Demonstrated success in security audit preparation and compliance processes.
• Familiarity with cloud security, container security, and modern environments (e.g., Docker, Kubernetes).

Preferred

• Relevant certifications:

  CISSP

  ,

  CEH

  ,

  OSCP

  ,

  CISM

  , or

  ISO/IEC 27001 Lead Implementer

  .
• Experience in SaaMD or highly regulated environments (healthcare, pharma, etc.).
• Knowledge of

  NIST

  ,

  HITRUST

  , or other risk management frameworks.
• Experience working within CI/CD pipelines and DevOps workflows.

Skills

• Strong analytical and problem-solving abilities.
• Excellent written and verbal communication; able to translate technical details to non-technical stakeholders.
• Detail-oriented with a proactive mindset toward risk management.
• Team player with the ability to collaborate effectively across departments.