Senior Cloud Security Engineer
Salary undisclosed
Apply on
Original
Simplified
Job Title: Senior Cloud Security Engineer
Location: Danvers, MA (Remote options may be considered on a case-by-case basis); Be on-site at the Danvers, MA office at least three days per week (for candidates within commuting distance).
Duration: FTE
Location: Danvers, MA (Remote options may be considered on a case-by-case basis); Be on-site at the Danvers, MA office at least three days per week (for candidates within commuting distance).
Duration: FTE
The Challenge:
Are you passionate about security and want to work with a team that prioritizes patients first? We have an exciting opportunity for a Senior Cloud Security Engineer to join our Product Security team. You will be responsible for ensuring security is built into our product development process, impacting both pre-market and post-market activities for one of the leading medical device companies. This role will allow you to directly influence product development and industry standards, ultimately helping to improve patient lives.
Are you passionate about security and want to work with a team that prioritizes patients first? We have an exciting opportunity for a Senior Cloud Security Engineer to join our Product Security team. You will be responsible for ensuring security is built into our product development process, impacting both pre-market and post-market activities for one of the leading medical device companies. This role will allow you to directly influence product development and industry standards, ultimately helping to improve patient lives.
Roles & Responsibilities:
Partner with engineering teams (cloud, console) to ensure adherence to product security policies, processes, and objectives.
Create, update, and improve product security processes.
Act as a subject matter expert (SME) on cybersecurity and provide guidance to development teams.
Advocate for the inclusion of cybersecurity in all phases of the product lifecycle, including process improvements and strategic product planning.
Develop and deliver documentation for pre-market activities, such as security plans, threat models, security requirements, SBOM, and risk management documents.
Oversee and drive post-market vulnerability management activities within strict timelines.
Conduct security risk assessments on cloud infrastructure and applications.
Collaborate with development teams to integrate security into the CI/CD pipeline and DevSecOps processes.
Continuously improve security measures, including the Defender Score.
Support compliance certification efforts, including SOC2, FedRAMP, ISO 27001, and others.
Identify, evaluate, and integrate new compliance requirements and industry standards into the product security programs.
Maintain relationships with Information Sharing and Analysis Organizations (ISAOs).
Guide teams in making decisions that balance business needs with security objectives for medical devices.
Work collaboratively across teams and demonstrate empathy for both internal and external customers.
Perform additional related duties as assigned.
Partner with engineering teams (cloud, console) to ensure adherence to product security policies, processes, and objectives.
Create, update, and improve product security processes.
Act as a subject matter expert (SME) on cybersecurity and provide guidance to development teams.
Advocate for the inclusion of cybersecurity in all phases of the product lifecycle, including process improvements and strategic product planning.
Develop and deliver documentation for pre-market activities, such as security plans, threat models, security requirements, SBOM, and risk management documents.
Oversee and drive post-market vulnerability management activities within strict timelines.
Conduct security risk assessments on cloud infrastructure and applications.
Collaborate with development teams to integrate security into the CI/CD pipeline and DevSecOps processes.
Continuously improve security measures, including the Defender Score.
Support compliance certification efforts, including SOC2, FedRAMP, ISO 27001, and others.
Identify, evaluate, and integrate new compliance requirements and industry standards into the product security programs.
Maintain relationships with Information Sharing and Analysis Organizations (ISAOs).
Guide teams in making decisions that balance business needs with security objectives for medical devices.
Work collaboratively across teams and demonstrate empathy for both internal and external customers.
Perform additional related duties as assigned.
Essential Skills & Requirements:
Bachelor's degree.
5+ years of experience in Information Security.
Experience in a Cloud Scrum/Agile environment using Azure DevOps.
Familiarity with tools such as Snyk, Veracode, Wiz, JIRA, and Confluence.
Experience with containerization technologies (e.g., Docker, Kubernetes).
Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
Strong organizational skills, attention to detail, and the ability to manage multiple assignments and meet deadlines.
Ability to work with urgency and embrace new challenges.
Excellent communication and interpersonal skills.
Bachelor's degree.
5+ years of experience in Information Security.
Experience in a Cloud Scrum/Agile environment using Azure DevOps.
Familiarity with tools such as Snyk, Veracode, Wiz, JIRA, and Confluence.
Experience with containerization technologies (e.g., Docker, Kubernetes).
Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
Strong organizational skills, attention to detail, and the ability to manage multiple assignments and meet deadlines.
Ability to work with urgency and embrace new challenges.
Excellent communication and interpersonal skills.
Preferred Qualifications:
Experience in an FDA-regulated environment.
Experience in an FDA-regulated environment.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
Report this job Similar Jobs
