Job Title: Senior Cloud Security Engineer
Location: Danvers, MA (remote options may be considered on a case-by-case basis); candidates within commuting distance are expected to be on-site at the Danvers, MA office at least three days per week.
Duration: FTE
The Challenge:
Are you passionate about security and want to work with a team that prioritizes patients first? We have an exciting opportunity for a Senior Cloud Security Engineer to join our Product Security team. You will be responsible for ensuring security is built into our product development process, impacting both pre-market and post-market activities for one of the leading medical device companies. This role will allow you to directly influence product development and industry standards, ultimately helping to improve patient lives.
Roles & Responsibilities:
- Partner with engineering teams (cloud, console) to ensure adherence to product security policies, processes, and objectives.
- Create, update, and improve product security processes.
- Act as a subject matter expert (SME) on cybersecurity and provide guidance to development teams.
- Advocate for the inclusion of cybersecurity in all phases of the product lifecycle, including process improvements and strategic product planning.
- Develop and deliver documentation for pre-market activities, such as security plans, threat models, security requirements, SBOM, and risk management documents.
- Oversee and drive post-market vulnerability management activities within strict timelines.
- Conduct security risk assessments on cloud infrastructure and applications.
- Collaborate with development teams to integrate security into the CI/CD pipeline and DevSecOps processes.
- Continuously improve security measures, including the Defender Score.
- Support compliance certification efforts, including SOC2, FedRAMP, ISO 27001, and others.
- Identify, evaluate, and integrate new compliance requirements and industry standards into the product security programs.
- Maintain relationships with Information Sharing and Analysis Organizations (ISAOs).
- Guide teams in making decisions that balance business needs with security objectives for medical devices.
- Work collaboratively across teams and demonstrate empathy for both internal and external customers.
- Perform additional related duties as assigned.
Essential Skills & Requirements:
- Bachelor’s degree.
- 5+ years of experience in Information Security.
- Experience in a Cloud Scrum/Agile environment using Azure DevOps.
- Familiarity with tools such as Snyk, Veracode, Wiz, JIRA, and Confluence.
- Experience with containerization technologies (e.g., Docker, Kubernetes).
- Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
- Strong organizational skills, attention to detail, and the ability to manage multiple assignments and meet deadlines.
- Ability to work with urgency and embrace new challenges.
- Excellent communication and interpersonal skills.
Preferred Qualifications:
- Experience in an FDA-regulated environment.