Senior Cloud Security Engineer

Johnson & Johnson
Full-time
Remote friendly (Tucson, AZ)
United States
$100,000 - $172,500 USD yearly
IT

Role Summary

Senior Cloud Security Engineer to join the MedTech Product Security team. Role based in Raritan, NJ or Danvers, MA. Remote options may be considered case-by-case. You will own the Product Security process for pre-market and post-market activities throughout the product development lifecycle, and contribute to shaping future product development and industry standards.

Responsibilities

  • Be onsite in Danvers, MA for a minimum of 3 days per week if within commuting distance.
  • Partner with engineering teams to drive adherence to product security policies, processes, and program objectives.
  • Create, update, and improve product security processes.
  • Act as an SME on cybersecurity matters and provide guidance to development teams.
  • Advocate for proactive inclusion of cybersecurity input into all phases of the product life cycle and strategic road map planning.
  • Deliver documentation for pre-market product development activities including security plans, threat models, security requirements, SBOM, and risk management documentation.
  • Drive and monitor post-market vulnerability management activities with strict timelines.
  • Perform security risk assessment on cloud infrastructure and applications.
  • Collaborate with the development team to integrate security measures into the CI/CD pipeline and DevSecOps processes.
  • Continuously improve Defender Score.
  • Support compliance certification activities (SOC2, FedRAMP, ISO 27001, etc.).
  • Identify, research, evaluate, and integrate new compliance requirements, standards, and best practices into product security programs.
  • Maintain relationships with Information Sharing and Analysis Organizations.
  • Guide teams to balance business needs with medical device security objectives.
  • Work across organizational boundaries and with customers, internal and external.
  • Perform other related duties as assigned.

Qualifications

  • Required:
    • Bachelor's degree
    • 5+ years of experience in Information Security
    • Experience in a Cloud Scrum/Agile Azure DevOps environment
    • Familiarity with tools such as Snyk, Veracode, Wiz, JIRA, Confluence
    • Experience with Docker and Kubernetes
    • Working knowledge of regulatory standards and frameworks (NIST CSF, ISO 27001, SOC2, HIPAA, GDPR)
    • Experience with security risk management techniques
    • Strong organizational skills, ability to manage multiple tasks and meet deadlines
    • Urgency and adaptability in facing new challenges
    • Strong communication and interpersonal skills
  • Preferred:
    • Experience in an FDA-regulated environment

Skills

  • Cloud security architecture and risk assessment
  • Security in CI/CD and DevSecOps
  • Threat modeling and security requirements
  • Regulatory compliance and certification support
  • Security governance and policy development

Education

  • Bachelor's degree