Job Title: Senior Cloud Security Engineer
Location: Danvers, MA (remote options may be considered on a case-by-case basis); be onsite at the Danvers, MA office at least three days per week (for candidates within commuting distance).
Duration: FTE
The Challenge:
Are you passionate about security and want to work with a team that prioritizes patients first? We have an exciting opportunity for a Senior Cloud Security Engineer to join our Product Security team. You will be responsible for ensuring security is built into our product development process, impacting both premarket and postmarket activities for one of the leading medical device companies. This role will allow you to directly influence product development and industry standards, ultimately helping to improve patient lives.
Roles & Responsibilities:
Partner with engineering teams (cloud console) to ensure adherence to product security policies, processes, and objectives.
Create, update, and improve product security processes.
Act as a subject matter expert (SME) on cybersecurity and provide guidance to development teams.
Advocate for the inclusion of cybersecurity in all phases of the product lifecycle, including process improvements and strategic product planning.
Develop and deliver documentation for premarket activities such as security plans, threat models, security requirements, SBOM, and risk management documents.
Oversee and drive postmarket vulnerability management activities within strict timelines.
Conduct security risk assessments on cloud infrastructure and applications.
Collaborate with development teams to integrate security into the CI/CD pipeline and DevSecOps processes.
Continuously improve security measures, including the Defender Score.
Support compliance certification efforts, including SOC2, FedRAMP, ISO 27001, and others.
Identify, evaluate, and integrate new compliance requirements and industry standards into the product security programs.
Maintain relationships with Information Sharing and Analysis Organizations (ISAOs).
Guide teams in making decisions that balance business needs with security objectives for medical devices.
Work collaboratively across teams and demonstrate empathy for both internal and external customers.
Perform additional related duties as assigned.
Essential Skills & Requirements:
Bachelor's degree.
5 years of experience in Information Security.
Experience in a Cloud Scrum/Agile environment using Azure DevOps.
Familiarity with tools such as Snyk, Veracode, Wiz, JIRA, and Confluence.
Experience with containerization technologies (e.g., Docker, Kubernetes).
Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
Strong organizational skills, attention to detail, and the ability to manage multiple assignments and meet deadlines.
Ability to work with urgency and embrace new challenges.
Excellent communication and interpersonal skills.
Preferred Qualifications:
Experience in an FDA-regulated environment.