Senior Cloud Security Engineer

Role Summary

Senior Cloud Security Engineer to join our MedTech Product Security team. Role based in Raritan, NJ or Danvers, MA with remote options considered on a case-by-case basis. Responsible for ensuring security is implemented by design across pre-market and post-market product development lifecycle, owning the Product Security process and guiding development teams to balance business needs with medical device security objectives.

Responsibilities

• Be in the office in Danvers, MA for a minimum of 3 days per week if within commutable distance.
• Partner with engineering teams to drive adherence to product security policies, processes, and objectives.
• Create, update, and improve product security processes.
• Act as an SME on cyber security matters and provide guidance to development teams.
• Advocate for proactive inclusion of cyber security input into all phases of the product life cycle and road map planning.
• Deliver documentation for pre-market activities including security plans, threat models, security requirements, SBOM, and risk management documentation.
• Drive and monitor post-market vulnerability management activities with strict timelines.
• Perform security risk assessments on cloud infrastructure and applications.
• Collaborate with development teams to integrate security into CI/CD pipelines and DevSecOps processes.
• Continuously improve Defender Score.
• Support compliance certifications (SOC2, FedRAMP, ISO 27001, etc.).
• Identify, research, evaluate, and integrate new compliance requirements and best practices into product security programs.
• Maintain relationships with Information Sharing and Analysis Organizations.
• Guide teams to balance business needs with medical device security objectives.
• Work across organizational boundaries and with customers, internal and external.
• Perform other related duties as assigned.

Qualifications

• Bachelor’s degree
• 5+ years of experience in Information Security
• Experience in a Cloud Scrum/Agile Azure DevOps environment
• Familiarity with tools: Snyk, Veracode, Wiz, JIRA, Confluence
• Experience with Docker and Kubernetes
• Working knowledge of regulatory standards (NIST CSF, ISO 27001, SOC2, HIPAA, GDPR)
• Experience with security risk management
• Strong organizational skills, attention to detail, ability to multitask and meet deadlines
• Sense of urgency and adaptability
• Strong communication and interpersonal skills

Preferred

• Experience in an FDA-regulated environment

Education

• Bachelor’s degree (specified in qualifications)