We are seeking a skilled and motivated Cyber Security Engineer to lead efforts in securing our Software as a Medical Device (SaMD) offerings.
This pivotal role ensures regulatory compliance and best-in-class security practices throughout the software development lifecycle, anchored in ISO/IEC 27001 (information security management), ISO/IEC 27002 (security controls guidance), and ISO 13485 (medical device quality management).
Key Responsibilities
Security Control Implementation
- Design, implement, and monitor robust security controls across the SaMD SDLC.
- Align with ISO/IEC 27001, 27002, and ISO 13485 frameworks.
- Guide secure coding, DevSecOps practices, and vulnerability management.
- Apply a risk-based approach to identify and mitigate threats proactively.
Compliance & Audit Readiness
- Support internal and external audits with detailed documentation.
- Collaborate with Quality & Regulatory teams for ISO 13485 compliance.
- Maintain audit-ready procedures and manage change documentation.
Threat Modeling & Penetration Testing
- Develop and document threat models (for example, data-flow diagrams drawn in LucidChart).
- Conduct penetration testing with BurpSuite, nmap, and Wireshark, and track known component vulnerabilities with OWASP Dependency-Track (Deptrack).
- Run static and dynamic code analysis (SAST/DAST) for vulnerability detection.
Vulnerability Management
- Assess vulnerabilities using Grype and Trivy (container image and filesystem CVE scanning), Dockle (container image configuration linting), and Dependency-Track (SBOM-based component vulnerability tracking).
- Partner with development teams for triage and resolution.
- Drive remediation workflows and monitor KPIs.
Reporting & Stakeholder Communication
- Produce detailed security assessments with actionable steps.
- Deliver periodic updates on security posture to leadership.
- Translate complex risks into business-friendly language.
Security Awareness & Training
- Build training modules to cultivate a security-first mindset.
- Advocate for secure engineering culture across teams.
Qualifications
Required
- Bachelor's degree in Computer Science or Information Security, or equivalent relevant experience.
- 3+ years in cybersecurity engineering, ideally in healthcare or medical devices.
- Proven knowledge of ISO/IEC 27001, 27002 & ISO 13485.
- Hands-on expertise with LucidChart, BurpSuite, nmap, Wireshark, and Dependency-Track (Deptrack).
- Experience with Grype, Dockle, Trivy; DevSecOps & secure coding practices.
- Track record in audit support and regulatory compliance.
Preferred
- Certifications such as CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer.
- Background in SaMD or other regulated industries (healthcare/pharma).
- Familiarity with frameworks such as NIST and HITRUST, and with CI/CD workflows.
Skills & Traits
- Strong analytical, communication, and problem-solving skills.
- Detail-oriented with a proactive risk management approach.
- Team collaborator able to influence across engineering and compliance functions.
(ref:hirist.tech)