3 - 6 years
7 - 11 Lacs
Posted: 1 day ago
Work from Office
Full Time
We are seeking a skilled and motivated Cyber Security Engineer to lead efforts in securing our Software as a Medical Device (SaaMD) offerings.
This pivotal role ensures global compliance and best-in-class security practices throughout the software development lifecycle, anchored in standards like ISO/IEC 27001, ISO/IEC 27002, and ISO 13485.
Key Responsibilities :
Security Control Implementation :
- Design, implement, and monitor robust security controls across the SaaMD SDLC.
- Align with ISO/IEC 27001, 27002, and ISO 13485 frameworks.
- Guide secure coding, DevSecOps practices, and vulnerability management.
- Apply a risk-based approach to identify and mitigate threats proactively.
Compliance & Audit Readiness :
- Support internal and external audits with detailed documentation.
- Collaborate with Quality & Regulatory teams for ISO 13485 compliance.
- Maintain audit-ready procedures and manage change documentation.
Threat Modeling & Penetration Testing :
- Develop threat models using tools like LucidChart.
- Conduct pen-testing via BurpSuite, nmap, Wireshark, and Deptrack.
- Run static and dynamic code analysis for vulnerability detection.
Vulnerability Management :
- Assess vulnerabilities using Grype, Dockle, Trivy, and Deptrack.
- Partner with development teams for triage and resolution.
- Drive remediation workflows and monitor KPIs.
Reporting & Stakeholder Communication :
- Produce detailed security assessments with actionable steps.
- Deliver periodic updates on security posture to leadership.
- Translate complex risks into business-friendly language.
Security Awareness & Training :
- Build training modules to cultivate a security-first mindset.
- Advocate for secure engineering culture across teams.
Qualifications :
Required :
- Bachelor's in Computer Science, Information Security, or relevant experience.
- 3+ years in cybersecurity engineering, ideally in healthcare or medical devices.
- Proven knowledge of ISO/IEC 27001, 27002 & ISO 13485.
- Hands-on expertise with LucidChart, BurpSuite, nmap, Wireshark, Deptrack.
- Experience with Grype, Dockle, Trivy; DevSecOps & secure coding practices.
- Track record in audit support and regulatory compliance.
Preferred :
- Certifications like CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer.
- Background in SaaMD or regulated industries (healthcare/pharma).
- Familiarity with frameworks like NIST, HITRUST, and CI/CD workflows.
Skills & Traits :
- Strong analytical, communication, and problem-solving skills.
- Detail-oriented with a proactive risk management approach.
- Team collaborator able to influence across engineering and compliance functions.
Vayuz Technologies