Job Title: Senior Cloud Security Engineer
Location: Danvers, MA (Remote options may be considered on a case-by-case basis); Be on-site at the Danvers, MA office at least three days per week (for candidates within commuting distance).
Duration: FTE

The Challenge:
Are you passionate about security and want to work with a team that prioritizes patients first? We have an exciting opportunity for a Senior Cloud Security Engineer to join our Product Security team. You will be responsible for ensuring security is built into our product development process, impacting both pre-market and post-market activities for one of the leading medical device companies. This role will allow you to directly influence product development and industry standards, ultimately helping to improve patient lives.

Roles & Responsibilities:
• Partner with engineering teams (cloud, console) to ensure adherence to product security policies, processes, and objectives.
• Create, update, and improve product security processes.
• Act as a subject matter expert (SME) on cybersecurity and provide guidance to development teams.
• Advocate for the inclusion of cybersecurity in all phases of the product lifecycle, including process improvements and strategic product planning.
• Develop and deliver documentation for pre-market activities, such as security plans, threat models, security requirements, SBOM, and risk management documents.
• Oversee and drive post-market vulnerability management activities within strict timelines.
• Conduct security risk assessments on cloud infrastructure and applications.
• Collaborate with development teams to integrate security into the CI/CD pipeline and DevSecOps processes.
• Continuously improve security measures, including the Defender Score.
• Support compliance certification efforts, including SOC2, FedRAMP, ISO 27001, and others.
• Identify, evaluate, and integrate new compliance requirements and industry standards into the product security programs.
• Maintain relationships with Information Sharing and Analysis Organizations (ISAOs).
• Guide teams in making decisions that balance business needs with security objectives for medical devices.
• Work collaboratively across teams and demonstrate empathy for both internal and external customers.
• Perform additional related duties as assigned.

Essential Skills & Requirements:
• Bachelor’s degree.
• 5+ years of experience in Information Security.
• Experience in a Cloud Scrum/Agile environment using Azure DevOps.
• Familiarity with tools such as Snyk, Veracode, Wiz, JIRA, and Confluence.
• Experience with containerization technologies (e.g., Docker, Kubernetes).
• Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
• Strong organizational skills, attention to detail, and the ability to manage multiple assignments and meet deadlines.
• Ability to work with urgency and embrace new challenges.
• Excellent communication and interpersonal skills.

Preferred Qualifications:
• Experience in an FDA-regulated environment.