Cyber Security Engineer

3-5 Years
  • Posted 6 hours ago
  • Over 200 applicants

Job Description

Vayuz Technologies is seeking a skilled and motivated Cyber Security Engineer to lead efforts in ensuring the security, integrity, and regulatory compliance of our Software as a Medical Device (SaaMD) products. This pivotal role involves upholding global security standards, including ISO/IEC 27001, ISO/IEC 27002, and ISO 13485, while embedding security best practices across the software development lifecycle. You will be responsible for implementing security controls, conducting threat modeling and penetration testing, supporting compliance audits, and driving continuous improvement in our security posture.

Key Responsibilities

Security Control Implementation:

  • Design, implement, and monitor security controls within the SaaMD development lifecycle.
  • Ensure strict alignment with ISO/IEC 27001, ISO/IEC 27002, and ISO 13485 standards.
  • Collaborate with development teams to integrate security practices across the SDLC (Software Development Life Cycle).
  • Advise on secure coding principles, vulnerability management, and DevSecOps best practices.
  • Maintain a risk-based security approach, proactively identifying threats and vulnerabilities early in the process.

Compliance & Audit Support:

  • Provide comprehensive documentation and evidence for internal and external audits (ISO/IEC 27001, ISO/IEC 27002).
  • Work closely with Quality and Regulatory teams to ensure robust ISO 13485 compliance.
  • Create and maintain essential policies, procedures, and documentation for audit readiness.
  • Manage change documentation processes meticulously to support full audit traceability.

Threat Modeling & Penetration Testing:

  • Build and refine detailed threat models using tools such as LucidChart.
  • Perform thorough penetration testing and security assessments using industry-standard tools like BurpSuite, nmap, Wireshark, and Deptrack.
  • Conduct both static and dynamic code analysis to uncover potential vulnerabilities.

Vulnerability Management:

  • Conduct comprehensive vulnerability assessments with tools such as Grype, Dockle, and Trivy.
  • Collaborate effectively with development teams to triage and resolve identified issues promptly.
  • Track vulnerabilities diligently from identification through to successful remediation.
  • Establish a robust vulnerability management process with clearly defined KPIs (Key Performance Indicators).

Reporting & Communication:

  • Create comprehensive security and penetration test reports with clear, actionable remediation steps.
  • Effectively communicate risks to stakeholders and collaborate with cross-functional teams to implement solutions.
  • Provide management with periodic updates on the overall security posture, vulnerability status, and remediation progress.

Security Awareness & Training:

  • Assist in the development and delivery of targeted security training for engineering teams.
  • Foster a strong security culture by actively promoting best practices and enhancing security awareness across the organization.

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
  • Experience in cybersecurity engineering, ideally within the medical device or healthcare domain.
  • Deep knowledge of ISO/IEC 27001, ISO/IEC 27002, and ISO 13485 standards.
  • Hands-on experience with threat modeling and pen-testing tools (e.g., BurpSuite, nmap, Wireshark, LucidChart).
  • Experience with vulnerability scanning tools like Grype, Dockle, Trivy, and Deptrack.
  • Strong grasp of secure coding principles, secure software development practices, and DevSecOps methodologies.
  • Demonstrated success in security audit preparation and compliance processes.
  • Familiarity with cloud security, container security, and modern environments (e.g., Docker, Kubernetes).

Preferred

  • Relevant certifications: CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer.
  • Experience in SaaMD or highly regulated environments (e.g., healthcare, pharma).
  • Knowledge of NIST, HITRUST, or other risk management frameworks.
  • Experience working within CI/CD pipelines and DevOps workflows.

Skills

  • Strong analytical and problem-solving abilities.
  • Excellent written and verbal communication skills; able to translate complex technical details to non-technical stakeholders effectively.
  • Detail-oriented with a proactive mindset toward risk management.
  • A collaborative team player with the ability to work effectively across various departments.

More Info

Open to candidates from:
Indian

About Company

We are an Engineering company with leading capabilities in Digital Transformation, Internet-related services and products, Data Science, Development Operations, Product as a Service, Technology Consulting, and Software Engineering. We are trusted by NSE giants as a digital transformation partner and have a proven track record in providing customized digital solutions across industry segments. To know more visit us at www.vayuz.com

VAYUZ DNA: We believe that great products require a product-thinking DNA. Our approach starts with putting the customer first and runs through everything we do—from the development process to the product design methodology, every line of code we write, and the way our team collaborates with clients. This strong foundation allows us to deliver innovative, scalable, and robust technology solutions.

Key Mantras:

  • Respect TIME: We value time and are committed to delivering on our promises.
  • PLAN Well: Detailed planning is the cornerstone of our high-quality delivery.
  • Deliver QUALITY: Excellence in every deliverable is non-negotiable.

Core Offerings:

  • Cloud: Migration, infrastructure management, SaaS, PaaS, IaaS.
  • Data: Analytics, BI tools, predictive analytics, data-driven decisions.
  • AI/ML: Automation, models, NLP.
  • Digital Workplace: Remote work, virtual desktops, employee experience.
  • IoT: Connected devices, analytics, smart infrastructure.
  • Mobile/Web: Custom apps, PWAs, mobile-first design.
  • Legacy Modernization: Upgrades, refactoring, integration.
  • DevOps/Agile: Implementation, methodology for faster delivery.

Job ID: 122414713
