Senior Cloud Security Engineer

Johnson & Johnson
Full-time
Remote friendly (Albuquerque, NM)
United States
$100,000 - $172,500 USD yearly
IT

Role Summary

Senior Cloud Security Engineer to join our MedTech Product Security team. Based in either Raritan, NJ or Danvers, MA with potential remote options on a case-by-case basis. You will own the Product Security process for pre-market and post-market activities, influencing development initiatives and shaping future product security standards.

Responsibilities

  • Be present at the Danvers, MA office for a minimum of 3 days per week if within commutable distance.
  • Partner with engineering teams to drive adherence to product security policies, processes, and program objectives.
  • Create, update, and improve product security processes.
  • Act as an SME on cyber security matters and provide guidance to development teams.
  • Advocate for proactive inclusion of cyber security input into all phases of the product life cycle and strategic road map planning.
  • Deliver documentation for pre-market product development activities including security plans, threat models, security requirements, SBOM, and risk management documentation.
  • Drive and monitor post-market vulnerability management activities with strict timelines.
  • Perform security risk assessment on cloud infrastructure and applications.
  • Collaborate with the development team to integrate security measures into the CI/CD pipeline and DevSecOps processes.
  • Continuously improve Defender Score.
  • Support compliance certification activities (SOC2, FedRAMP, ISO 27001, etc.).
  • Identify, research, evaluate, and integrate new compliance requirements, industry standards, and best practices into product security programs.
  • Maintain relationships with Information Sharing and Analysis Organizations.
  • Guide teams to balance business needs with medical device security objectives.
  • Collaborate across organizational boundaries and with customers as needed.
  • Perform other related duties as assigned.

Qualifications

  • Required:
    • Bachelor's degree
    • 5+ years in Information Security
    • Experience in a Cloud Scrum/Agile Azure DevOps environment
    • Familiarity with tools such as Snyk, Veracode, Wiz, JIRA, Confluence
    • Experience with Docker and Kubernetes
    • Working knowledge of regulatory standards and frameworks (NIST CSF, ISO27001, SOC2, HIPAA, GDPR)
    • Experience with security risk management techniques
    • Strong organizational skills and ability to manage multiple tasks with deadlines
    • Sense of urgency and adaptability to challenges
    • Strong communication and interpersonal skills

Preferred

  • Experience in an FDA-regulated environment

Skills

  • Cloud security architecture and risk assessment
  • Security in DevSecOps; CI/CD integration
  • Threat modeling and security controls design
  • Regulatory compliance and certification processes
  • Documentation and cross-functional collaboration
  • Vendor and tool ecosystem evaluation

Education

  • Bachelor's degree (required)

Additional Requirements

  • None specified beyond listed qualifications