Senior Cloud Security Engineer

Johnson & Johnson
Full-time
Remote friendly (New Orleans, LA)
United States
$100,000 - $172,500 USD yearly
IT

Role Summary

Senior Cloud Security Engineer for the MedTech Product Security team. Based in Raritan, NJ or Danvers, MA with possible remote options on a case-by-case basis. Responsible for owning the Product Security process across pre-market and post-market activities, guiding security by design in product development, and impacting future product development and industry standards.

Responsibilities

  • Be on-site in Danvers, MA for a minimum of 3 days per week if within commutable distance.
  • Partner with engineering teams to drive adherence to product security policies, processes, and program objectives.
  • Create, update, and improve product security processes.
  • Act as a subject matter expert on cyber security and advise development teams.
  • Advocate for proactive cyber security input throughout the product life cycle and roadmap planning.
  • Deliver documentation for pre-market activities including security plans, threat models, security requirements, SBOM, and risk management docs.
  • Drive and monitor post-market vulnerability management with strict timelines.
  • Perform security risk assessments on cloud infrastructure and applications.
  • Collaborate to integrate security measures into the CI/CD pipeline and DevSecOps processes.
  • Continuously improve Defender Score.
  • Support compliance certification activities (SOC2, FedRAMP, ISO 27001, etc.).
  • Identify and integrate new compliance requirements, standards, and best practices.
  • Maintain relationships with information sharing and analysis organizations.
  • Guide teams to balance business needs with medical device security objectives.
  • Work across organizational boundaries with empathy for customers.
  • Perform other related duties as assigned.

Qualifications

  • Bachelor’s degree
  • 5+ years of experience in Information Security
  • Experience in a Cloud Scrum/Agile Azure DevOps environment
  • Familiarity with tools: Snyk, Veracode, Wiz, JIRA, Confluence
  • Experience with Docker and Kubernetes
  • Knowledge of regulatory standards and compliance frameworks (NIST CSF, ISO 27001, SOC2, HIPAA, GDPR)
  • Experience with security risk management techniques
  • Strong organizational skills, attention to detail, ability to manage multiple assignments
  • Sense of urgency and adaptability to new challenges
  • Excellent communication and interpersonal skills

Education

  • Not specified beyond Bachelor’s degree

Additional Requirements

  • Preferred: Experience in an FDA-regulated environment