Role Summary
We are seeking the best talent for a Senior Cloud Security Engineer to join our MedTech Product Security team. The role can be based in Raritan, NJ or Danvers, MA. Remote work options may be considered on a case-by-case basis and if approved by the Company. You will own the Product Security process, which includes both the pre-market and post-market processes that engineering teams leverage throughout the product development lifecycle.
Responsibilities
- Be at the office in Danvers, MA for a minimum of 3 days per week (for candidates within commutable distance to site).
- Partner with engineering teams (cloud, console) to drive successful adherence to Abiomed’s product security policies, processes, and program objectives.
- Create, update, and improve product security processes.
- Act as an SME on cyber security matters and provide guidance to development teams.
- Advocate for proactive inclusion of cyber security input into all phases of the product life cycle, process improvements, and strategic product road map planning.
- Deliver documentation for pre-market product development activities including security plans, threat models, security requirements, SBOM, and risk management documentation.
- Drive and monitor post-market vulnerability management activities, with adherence to strict timelines.
- Perform security risk assessment on Cloud infrastructure and applications.
- Collaborate with the development team to integrate security measures into the CI/CD pipeline and the DevSecOps processes.
- Continuously improve Defender Score.
- Support compliance certification activities, such as SOC2, FedRAMP, ISO 27001, etc.
- Identify, research, evaluate, and integrate new compliance requirements, industry standards, and best practices into the product security programs.
- Maintain relationships with Abiomed’s Information Sharing and Analysis Organizations.
- Guide teams to make decisions that balance business needs with medical device security objectives.
- Work across organizational boundaries and exhibit empathy with customers, both internal and external.
- Perform other related duties and responsibilities, as assigned.
Qualifications
- Bachelor’s degree
- 5+ years industry experience in Information Security.
- Experience working in a Cloud Scrum/Agile Azure DevOps environment.
- Familiarity with some or all of these tools: Snyk, Veracode, Wiz, JIRA, Confluence.
- Experience with Containerization technologies such as Docker and Kubernetes.
- Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
- Experience with security risk management techniques.
- Demonstrated organizational skills, attention to detail, and the ability to handle multiple assignments simultaneously in a timely manner while meeting assigned deadlines.
- Committed to working with a sense of urgency and embracing new challenges.
- Strong communication and interpersonal skills.
Preferred
- Experience working in an FDA-regulated environment.